Information Security Implications for Business Agreements


On February 12, 2013, President Obama signed an Executive Order (“Order”) that outlined a voluntary cybersecurity framework (“Framework”) designed to help protect the nation’s critical infrastructure, which is generally defined as those systems or assets, whether physical or virtual, which are so vital to the United States that their incapacitation or destruction would harm public health or safety, economic security, or national security. The Department of Homeland Security has already designated the following 16 economic sectors as home to the U.S. critical infrastructure: information technology services, energy, telecommunications, banking and financial services, chemicals, manufacturing, transportation, emergency services, food and agriculture, healthcare and public health, the defense industrial base, government and commercial facilities, nuclear reactors, materials and waste, and water and wastewater systems. The Framework may therefore apply to countless companies of all sizes across a wide variety of critical infrastructure industries.

More generally, the Order has important implications for any private sector business because information security has rapidly become a hot button issue in this age of growing economic espionage, intellectual property and trade secret theft, and sensitivity to customer privacy. An increasing number of companies have recently reported data security breaches. Even a single security incident may lead to regulatory penalties, shareholder or customer class-action lawsuits, loss of customers to competitors, and irreparable damage to a company’s brand or reputation. A company’s best defense against any of these potential pitfalls is to take the steps necessary to sufficiently protect all proprietary and customer data.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.