• About
  • Offices
  • Careers
  • News
  • Students
  • Alumni
  • Payments
  • EN | FR
Background Image
Bennett Jones Logo
  • People
  • Expertise
  • Knowledge
  • Search
  • FR Menu
  • Search Mobile
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
View all
Practices
Corporate Litigation Regulatory Tax View all
Industries
Capital Projects Energy Funds & Finance Mining View all
Advisory
Crisis & Risk Management ESG Strategy and Solutions Governmental Affairs & Public Policy
View Client Work
International Experience
Insights News Events New Energy Economy Series
Business Law Talks Podcast Economic Outlook Class Actions: Looking Forward Quarterly M&A Insights
ESG & the CIO Subscribe
People
Practices
Industries
Advisory Services
Client Work
About
Offices
News
Careers
Insights
Law Students
Events
Search
Alumni
Payments
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
 

Commentary on a Reasonable Security Test

September 2020

Download PDF

     
Download PDF Commentary on a Reasonable Security Test

The Sedona Conference Working Group on Data Security and Privacy Liability (WG11) developed this Commentary to address what “legal test” a court or other adjudicative body should apply in a situation where a party has, or is alleged to have, a legal obligation to provide “reasonable security” for personal information, and the issue is whether the party in question has met that legal obligation.

The Commentary proposes a reasonable security test that is designed to be consistent with models for determining “reasonableness” that have been used in various other contexts by courts, in legislative and regulatory oversight, and in information security control frameworks. All of these regimes use a form of risk analysis to balance cost and benefit. The proposed test provides a practical method for expressing cost/benefit analysis that can be applied in data security regulatory actions, to litigation, and to information security practitioners using their current evaluation techniques. The Commentary also explains how the analysis should apply in the data security context. Because the test is rooted in commonly held principles, the drafters believe it offers methods for deriving reasonableness that are familiar to all interested parties. But it should be noted that depending on their text, individual laws or rules that require reasonable security might require use of a different analysis.

The Commentary begins with a brief summary of the importance of having a test, the reasoning behind a cost/benefit approach for the test, and what issues the test does not address. Part I sets out the proposed test and the explanation of how it is applied. Part II provides review and analysis of existing resources that offer guidance on how “reasonable security” has been defined and applied to date and explains how they bear upon the test. It includes a summary review of statutes and regulations that require organizations to provide reasonable security with respect to personal information, decisions of courts and other administrative tribunals with respect to the same, applicable industry standards, and marketplace information. Following this discussion, the Commentary identifies those items that are not included in the proposed test (also referenced in the Introduction section) and concludes with a discussion regarding the importance of flexibility.

The full text of The Sedona Conference Commentary on a Reasonable Security Test, Public Comment Version, is available free for individual download from The Sedona Conference website.

Ruth Promislow was a contributing editor of this piece.

Key Contact

  • Ruth E. Promislow Ruth E. Promislow, Partner

Our Managing Partners on Workplaces Where Women Thrive

Related Links

  • Insights
  • Media
  • Subscribe

Related Expertise

  • Privacy & Data Protection

Recent Posts

In The News

Dominique Hussey Featured in Women in IP Leadership

June 08, 2023
       

In The News

John Manley on the Bank of Canada's Latest Rate Hike

June 08, 2023
       

Speaking Engagements

Investment Restrictions and Vacancy Taxes and the Impacts on Developers

June 08, 2023
       

Speaking Engagements

Strategies to Manage New, Complex and Conflicting Sanctions

June 08, 2023
       

In The News

What's the Big Picture in the Canadian Economy?

June 07, 2023
       

Speaking Engagements

Capitalizing Indigenous Business: Towards A Supercharged Canadian Economy

June 02, 2023
       

Client Work

Low-Carbon Energy Leader EDF Issues $500 Million Maple Bond

June 01, 2023
       

Updates

Class Actions: Looking Forward 2023

June 01, 2023
       

Speaking Engagements

Advising Tech-Enabled Startup Companies

May 30, 2023
       
Bennett Jones Centennial Footer
Bennett Jones Centennial Footer
About
  • Leadership
  • Diversity
  • Community
  • Innovation
  • Security
  • History
Offices
  • Calgary
  • Edmonton
  • Montréal
  • Ottawa
  • Toronto
  • Vancouver
  • New York
Connect
  • Insights
  • News
  • Events
  • Careers
  • Students
  • Alumni
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
© Bennett Jones LLP 2023. All rights reserved.
  • Privacy Policy
  • Disclaimer
  • Terms of Use
Logo Bennett Jones