Thomas Smedinghoff: Information Security Laws and Regulations Insights


Jul 06 2007, 14 mins

Information Security Media Group's podcast series hosts Thomas Smedinghoff, a well-known lawyer in the information security and privacy arena. Listen to him explain recent developments in the patchwork of information security laws. Some of the issues Smedinghoff covers include: the general duty of companies to protect data and how it goes beyond personal data; how the basic definition of the legal standard for information security is beginning to come into focus; and laws that impose a duty to warn others (including customers) of a data breach.

He explains that while regulations such as the Gramm-Leach-Bliley Act and Sarbanes-Oxley may catch the headlines, there are many others you need to know that include information security duties, including state laws and laws specific to certain industry sectors.

Smedinghoff also discusses why, when making a representation about your data security practices, "Only say what you do, and do what you say" is a good rule to follow. He offers insight into the definition of "reasonable" information security and why the risk assessments required under GLBA and FFIEC guidelines are so important to financial institutions.

Thomas Smedinghoff is a partner at Chicago's Wildman Harrold law firm. His practice focuses on the new legal issues relating to the developing field of information law and electronic business activities. He is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, information security, and digital signature authentication from both a transactional and public policy perspective. He has been retained to structure and implement e-commerce and information security legal infrastructures for the federal government, numerous state governments, and national and international businesses including banks, insurance companies, investment companies, and certification authorities. He also frequently counsels clients on the law relating to first-of-their-kind electronic transactions, information security legal matters, and e-commerce initiatives. At the same time, he has been actively involved in developing legislation and public policy in the area of electronic business at the state, national, and international levels.