Klemchuk

View Original

Data Breach Prevention Requires an All-Hands Approach

The best way businesses can protect themselves from big data breaches is to have and implement a comprehensive data security plan that aligns IT, HR, legal and compliance, among other functional areas. That's why data breach prevention requires an all-hands necessary approach.

A Proper Plan for Data Breach Prevention

The plan should begin with clear and detailed policies and practices for internal personnel and external contractors and vendors, which are communicated regularly and supported by appropriate training, audit and enforcement procedurees.

Policies should include password protected access, limited to only relevant personnel for the specific function or activity. On and off site storage facilities, whether first or third-party, should include tier-one security, redundancy, back-up and fail-over systems with regular audits for compliance with domestic and international standards.

Encryption for Data Breach Prevention

Data should be encrypted and accessed only by strong password protocols combining letters, numbers and symbols with regular requirements to materially change passwords. All personnel, as a condition to hiring or engagement, should be required to execute acknowledgements of data security policies and procedures that include non-disclosure, non-solicitation and, under appropriate circumstances, non-competition covenants, as well as work-for-hire provisions and assignments of IP rights in favor of the enterprise.

Also, take special care with mobile devices to provide secure, exclusive areas for maintaining enterprise data, encrypted and password secured, separate and apart from any personal data, that can be unilaterally and remotely wiped in the event the relationship terminates. Bring-you-own-device is becoming more popular, but presents additional data security concerns where control and access can be limited.

For more information on this topic, please visit our Technology and Transactions service page.

Klemchuk LLP is an Intellectual Property (IP), Technology, Internet, and Business law firm.  The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights.  The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution. 

Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.