A working group of the Sedona Conference has proposed a solid answer to these questions. By its own description, the Sedona Conference is a nonpartisan, nonprofit research and educational institute dedicated to the advanced study of specific law and policy, including privacy and data security law. The Conference has just published a set of commentary on a reasonable security test. The paper is worth reading.
Finding a Test for Reasonable Security Practices: Embrace Complexity and Specifics
halockdev2020-09-29T18:27:57+00:00