Information Security Law: The Emerging Standard for Corporate Compliance

  • 2h 13m
  • Thomas J. Smedinghoff
  • IT Governance
  • 2008

In today’s business environment, virtually all of a company’s daily transactions and all of its key records are created, used, communicated, and stored in electronic form using networked computer technology. Most business entities are, quite literally, fully dependent upon information technology and an interconnected information infrastructure.

Emerging information security compliance requirements.

While this reliance on technology provides tremendous economic benefits, it also creates significant potential vulnerabilities that can lead to major harm to a company and its various stakeholders. As a result, public policy concerns regarding these risks are driving the enactment of numerous laws and regulations that require businesses to adequately address the security of their own data.

Information Security Law: The Emerging Standard for Corporate Compliance is designed to help companies understand this developing law of information security, the obligations it imposes on them, and the standard for corporate compliance that appears to be developing worldwide. ISO/IEC 27001, the international information security standard, should be read alongside this book.

Emerging global legal framework - and compliance in multiple jurisdictions.

This book takes a high-level view of the multitude of security laws and regulations, and summarizes the global legal framework for information security that emerges from them. It is written for companies struggling to comply with several information security laws in multiple jurisdictions, as well as for companies that want to better understand their obligations under a single law. It explains the common approach of most security laws, and seeks to help businesses understand the issues that they need to address to become generally legally compliant.

About the Author

Thomas J. Smedinghoff is a partner in the Privacy, Data Security, and Information Law Practice at the law firm of Wildman, Harrold, Allen & Dixon LLP in Chicago. His practice focuses on the developing field of information law and electronic business activities, with an emphasis on information security and privacy issues, electronic transactions, and the corporate use and management of information generally.

Mr Smedinghoff has been actively involved in developing e-business and information security legal policy, both in the US and globally. He currently serves as a member of the US Delegation to the United Nations Commission on International Trade Law (UNCITRAL) Working Group on Electronic Commerce, where he participated in negotiation of the 2005 United Nations Convention on the Use of Electronic Communications in International Contracts. He chaired the Illinois Commission on Electronic Commerce and Crime (1996-1998) that wrote the Illinois Electronic Commerce Security Act. He also served as an American Bar Association advisor to the Uniform Law Commission, where he participated in drafting the Uniform Electronic Transactions Act (UETA) now enacted in 46 of the 50 states in the US.

Mr Smedinghoff currently chairs the International Policy Coordinating Committee of the American Bar Association (ABA) Section of Science & Technology Law. Previously, he was chair of the ABA Section of Science & Technology Law (1999-2000) and chair of the ABA Electronic Commerce Division (1995-2003).

He is also the editor and primary author of the e-commerce book titled Online Law: The Legal Guide to Doing Business on the Internet (1996).

In this Book

  • Information Security Law—The Emerging Standard for Corporate Compliance
  • Preface
  • Introduction
  • Security Basics: The Legal Perspective
  • Legal Response to Security
  • The General Duty to Provide Security
  • The Legal Standard for Compliance
  • Developing a Compliant Security Program
  • Security Controls to Consider
  • The Role of Standards
  • Security Breach Notification
  • Appendix