Update - Missouri Lawyers Weekly Features Shook Partner's Role in Defining Reasonable Security Practices

Missouri Lawyers Weekly spoke to Shook Partner William Sampson about his leadership role in helping define “reasonable” data security and what the findings could mean for businesses.

Following two years of research and writing, the Sedona Working Group on Privacy and Data Security Liability, led by Sampson, has released a Commentary which helps define reasonable security practices in data privacy. The Sedona Conference, a nonpartisan, nonprofit research and educational institute dedicated to the advanced study of law and policy, recently tackled the legal definition in data and privacy security law.

“I think the Sedona Conference hopes that the ideas advanced in this Commentary will be adopted by the courts and by regulators,” Sampson said to MLW.

Sampson got involved with the Sedona Conference through his colleague, Al Saikali who leads Shook’s Privacy and Data Security Practice. Sampson says there is no “one-size-fits-all” standard. He gave MLW an example of a “rural health provider weighing whether to use a standard form of data security such as multifactor authentication to access medical records. Inserting that extra step might prevent someone from accessing patient information if a laptop were to be stolen. But it also might prevent a doctor from getting critical information about a patient in an area with spotty cell service.”

Although typically a product liability, commercial class action and business litigator, Sampson used his 50 years of legal experience to help make “the trains run on time.”

Update February 2021 – The final post-public-comment is now complete and is the version that courts will recite. It was developed after receiving comments on the public draft from practioners, technologist, judges, and other readers around the world.