Sampson Leads Team to Develop “Reasonable Security” Definition in Data Privacy

Led by Shook Partner William Sampson, the Sedona Working Group on Privacy and Data Security Liability has released a Commentary that helps define “reasonable security” practices in data privacy. The Sedona Conference, a nonpartisan, nonprofit research and educational institute dedicated to the study of law and policy, developed the legal definition in data and privacy security law. The commentary focuses on why the legal test is necessary, the cost/benefit analysis of litigation and what the legal test does not address. The Commentary “proposes a reasonable security test that is designed to be consistent with models for determining ‘reasonableness’ that have been used in various other contexts by courts, in legislative and regulatory oversight, and in information security control frameworks.”

The National Law Review praised the findings of the Commentary, noting, “The paper is brilliant at articulating the problems raised by trying to find a ‘reasonable’ set of standards for companies to meet for legal compliance.”