• About
  • Offices
  • Careers
  • News
  • Students
  • Alumni
  • Payments
  • EN | FR
Background Image
Bennett Jones Logo
  • People
  • Expertise
  • Knowledge
  • Search
  • FR Menu
  • Search Mobile
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
View all
Practices
Corporate Litigation Regulatory Tax View all
Industries
Energy Infrastructure Mining Private Equity & Investment Funds View all
Advisory
Crisis & Risk Management Public Policy
View Client Work
International Experience
Insights News Events Subscribe
Arbitration Angle Artificial Intelligence Insights Business Law Talks Podcast Class Actions: Looking Forward Class Action Quick Takes
Economic Outlook New Energy Economy Series Private Equity Briefings Quarterly Fintech Insights Quarterly M&A Insights
Sustainability & the CIO
People
Offices
About
Practices
Industries
Advisory Services
Client Work
Insights
News
Events
Careers
Law Students
Alumni
Payments
Search
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
 

Commentary on a Reasonable Security Test

September 2020

Download PDF

     
Download PDF Commentary on a Reasonable Security Test

The Sedona Conference Working Group on Data Security and Privacy Liability (WG11) developed this Commentary to address what “legal test” a court or other adjudicative body should apply in a situation where a party has, or is alleged to have, a legal obligation to provide “reasonable security” for personal information, and the issue is whether the party in question has met that legal obligation.

The Commentary proposes a reasonable security test that is designed to be consistent with models for determining “reasonableness” that have been used in various other contexts by courts, in legislative and regulatory oversight, and in information security control frameworks. All of these regimes use a form of risk analysis to balance cost and benefit. The proposed test provides a practical method for expressing cost/benefit analysis that can be applied in data security regulatory actions, to litigation, and to information security practitioners using their current evaluation techniques. The Commentary also explains how the analysis should apply in the data security context. Because the test is rooted in commonly held principles, the drafters believe it offers methods for deriving reasonableness that are familiar to all interested parties. But it should be noted that depending on their text, individual laws or rules that require reasonable security might require use of a different analysis.

The Commentary begins with a brief summary of the importance of having a test, the reasoning behind a cost/benefit approach for the test, and what issues the test does not address. Part I sets out the proposed test and the explanation of how it is applied. Part II provides review and analysis of existing resources that offer guidance on how “reasonable security” has been defined and applied to date and explains how they bear upon the test. It includes a summary review of statutes and regulations that require organizations to provide reasonable security with respect to personal information, decisions of courts and other administrative tribunals with respect to the same, applicable industry standards, and marketplace information. Following this discussion, the Commentary identifies those items that are not included in the proposed test (also referenced in the Introduction section) and concludes with a discussion regarding the importance of flexibility.

The full text of The Sedona Conference Commentary on a Reasonable Security Test, Public Comment Version, is available free for individual download from The Sedona Conference website.

Ruth Promislow was a contributing editor of this piece.

Key Contact

  • Ruth E. Promislow Ruth E. Promislow, Partner

Related Links

  • Insights
  • Media
  • Subscribe

Related Expertise

  • Privacy & Data Protection

Recent Posts

Articles

Climate Change Initiatives: Selected Recent Changes and the Application of Existing Tax Principles to Clean Energy—Part 2

July 21, 2025
       

Articles

Tariff Tensions: Managing Risk Through Carefully Drafted Construction Contracts

July 21, 2025
       

Speaking Engagements

Sabrina Bandali spoke at the 71 Annual Natural Resources

July 17, 2025
       

Client Work

Canada Infrastructure Bank Closes C$1 Billion Financing to Support Montréal-Trudeau Transformation

July 16, 2025
       

In The News

John Manley on the CBC News Network

July 11, 2025
       

Speaking Engagements

Rethinking Cyber Risk in the Age of AI: What Boards Need to Know

July 08, 2025
       

Announcements

Eighteen Bennett Jones Lawyers Ranked in Lexpert's Special Edition on Health Sciences

July 02, 2025
       

Client Work

Bennett Jones Acts for Canadian Pacific Kansas City Limited in Overturning C$228 Million Judgment

July 02, 2025
       

Announcements

Harinder Basra Appointed Calgary Managing Partner at Bennett Jones

July 01, 2025
       
Bennett Jones Centennial Footer
Bennett Jones Centennial Footer
About
  • Leadership
  • Diversity
  • Community
  • Innovation
  • Security
Offices
  • Calgary
  • Edmonton
  • Montréal
  • Ottawa
  • Toronto
  • Vancouver
  • New York
Connect
  • Insights
  • News
  • Events
  • Careers
  • Students
  • Alumni
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
© Bennett Jones LLP 2025. All rights reserved.
  • Privacy Policy
  • Disclaimer
  • Terms of Use
Logo Bennett Jones