Attorneys and Legal Professionals Duty of Care Risk Assessments for Reasonable Security
I am an Attorney
Whether you are internal counsel or providing advice for your clients, attorneys should evaluate the organization’s risk assessment criteria to determine if it meets duty of care.
If you or one of your clients is breached and your case goes to litigation, you will be asked to demonstrate duty of care. The legal concept of duty of care requires that organizations demonstrate they used controls to ensure that risk was reasonable to the organization and appropriate to other interested parties at the time of the breach.
Attorneys and Legal Professionals Duty of Care Risk Assessments – The day you are sued for a data breach, you will be asked eight questions that you will want to prepare your organization or client for; attorneys should be know how to address.
Data Breaches are litigated in terms of negligence. Judges and interested parties are trying to determine if your organization/client was doing something reasonable to prevent harm to others.
DoCRA (Duty of Care Risk Analysis) is a standard by which organizations may align their risk assessments to demonstrate reasonable and appropriate. The standard includes a method for organizations to clearly calculate and prioritize risk as well as define acceptable risk.
Do You Know Reasonable?
As attorneys or legal professionals, if you are looking for assistance in bringing your risk method in line with Duty of Care Risk Assessments DoCRA (DoCRA.org), we can help establish ‘reasonable’.
HALOCK supports you with Regulatory Advisory, Advisory & Strategic Planning, Breach Response, Litigation, Post Breach Risk Assessment services.
HALOCK is a cyber security consulting firm headquartered in Schaumburg, IL, in the Chicago area and advises clients on reasonable information security strategies, risk assessments, PCI, HIPAA, and Privacy compliance, incident response, penetration testing, security management and architecture reviews throughout the US. HALOCK partners with you to establish reasonable security controls based on your organization’s mission, objectives, and obligations.
