Corporate Legal Risk Management - Assignment Example


Corporate Legal Risk Management: Case Study

Effective management of legal risks within an organization requires the development of succinct strategies to proactively deal with legal obligations and the associated risks. Appropriate legal risk management has become an increasingly essential component of every organization. The major aim of managing legal risks is to help business organizations avoid having their operational risks turn into legal liabilities. Legal risk management is best utilized when its objective is to highlight, evaluate and manage the legal risks that are likely to affect an organization in any given way. Failure to manage any foreseeable legal risk has the potential to affect all sectors of an organization, and this becomes the concern of every shareholder, employee and other stakeholder in the business. Legal risk management is crucial to any organization since it can effectively remove uncertainties in relation to the organization's business operations, thus avoiding legal liability in the future. An effective legal risk management initiative should ensure that the company can avoid any costs that may arise from legal negligence during its operations.

Background Information

The law governing corporate information security obligations in the United States has expanded very rapidly. The latest legal requirement, introduced mainly by laws enacted over the last few years, is an obligation to disclose any security breach involving sensitive personal information to the individuals who are likely to be adversely affected by it. The emergence of these rules imposing a duty to disclose such security breaches was necessitated by a series of security breaches that began in 2005.
Following the enactment of these statutes, more than 300 companies, federal agencies and educational institutions have disclosed breaches of sensitive personal information (Stevens, 2012). These breaches have affected a cumulative total of more than one hundred and fifty million individual records. The core response to these breaches has been a regulatory and legislative fury at both the federal and state level. Congress, as well as many states, has introduced laws that require organizations to notify individuals affected by security breaches involving their sensitive personal information. The federal banking regulatory agencies have issued their final interagency guidance for banking institutions regarding the new obligation to disclose security breaches. At least 45 states have already enacted security breach notification laws, most of them based on the 2003 California law (California Department of Consumer Affairs, Office of Privacy Protection, 2003). Action on any of the many pending bills is also expected at any time.

Notification of a Legal Risk

It has come to the attention of the legal risk manager that the institution has delayed complying fully with the current statutory requirements, including the duty to disclose any security breach to the affected individuals. One of the main reasons for this delay has been the belief among the institution's management that the regulations do not directly call upon the company to implement security measures; rather, they impose an obligation on the company to disclose security breaches when they do occur. Upon careful analysis by the office of the legal risk manager at this institution, it has been noted that the regulations highlighted above could have a fundamental impact on the company's corporate security obligations.
It is notable that the apparent delay in achieving full compliance with the federal regulation has been born out of the understanding that the required disclosures could be embarrassing to the institution and would publicly demonstrate its lack of adequate security measures. Without such a legal provision, many companies do not make information security breaches public. In line with this, the fear of negative publicity that may arise from such disclosures has contributed to the company's current failure to comply with this federal obligation (Vacca, 2013). On the other hand, it has been noted that the federal requirements have only incentivized the company to seek ways of implementing better security measures that can prevent information security breaches from occurring. According to the federal banking regulators, where client notification is warranted, a company should not forgo notifying its clients of such incidents, regardless of whether the company believes it may suffer embarrassment or inconvenience by doing so (Stevens, 2012). It is with this legal requirement in mind that a legal risk has been identified in the company's failure to disclose the numerous security breaches that have happened in the recent past, and which may well happen again in the future. As a banking institution, the company is under a legal obligation to secure client personal information, and the duty to disclose any breach of the security of that personal information to the affected individuals arguably forms an essential part of that requirement. Therefore, the office of the legal risk manager finds it very important for the company to provide security in line with the Gramm-Leach-Bliley security regulations. In so doing, the benefits will by far outweigh the negative publicity that is anticipated to result from such disclosures.
The legal risk manager has noted that the benefits expected from compliance with these federal requirements include a significant reduction of legal risk, effective management of reputation risk and the maintenance of positive customer relations. Viewed as a group, the federal and state security breach reporting rules generally stipulate that any company in possession of computerized sensitive data about an individual should disclose any breach of the security of that information (Stevens, 2012). The company has recorded several breaches of the security of clients' information in recent months. In the most recent case, a breach led to the exposure of sensitive information on the company's online platform, including customer user names, passwords and account numbers. Even though the information technology department was swift in deterring any further encroachment on customer information by the intruders, the failure to notify the affected individuals of the breach amounted to a breach of the federal legal provisions on security breach disclosure. The failure to make a disclosure could still be defended by citing the federal interagency guidance, which stipulates that disclosures should only be made when there is sufficient proof of unauthorized acquisition of client data and the company determines that such information has been misused (Stevens, 2012). However, notification of the bank's primary regulator, together with the appropriate law enforcement agencies, is required as soon as possible after the company becomes aware of an information security breach, regardless of whether any misuse of the breached information has occurred. The legal risk manager has noted that no notification of any kind has been made to the regulator regarding the information security breaches that have occurred in the last few months.
To that effect, the office of the legal risk manager remains worried that any such actions in the future are likely to expose the company to legal liability for failure to comply with the statutory requirements on full disclosure of security breaches.

Gravity of the Legal Risk

To demonstrate the magnitude of the current legal risk, the office of the legal risk manager would like to make it clear that the federal statutes expressly provide for a private right of action, so that individuals affected by the company's failure to comply with the requirements may sue the company for damages. Therefore, as a practical matter, the company must apply the strictest standard in all of its notification procedures. Even though it is certainly likely that a particular security breach will trigger notice obligations under some breach notification requirements but not under others, giving notice to some customers but not to others is likely to have detrimental effects on the company's public relations standing. This calls for careful planning in complying with the federal requirement. The way in which the company prepares for and responds to security breaches when they occur should be considered from a critical perspective, and it should be noted that prompt action on a variety of fronts is crucial from both a public relations and a legal viewpoint (Smedinghoff, 2006).

Guidelines for Future Compliance

The legal risk manager has noted that with the current proliferation of security breach notification laws, and the resulting obligation to disclose breaches, there is a premium on taking steps beforehand to eliminate or reduce the risk of having to make these disclosures. Perhaps the simplest step in this context is to reduce the amount of notice-triggering information that the institution collects and maintains.
This must begin with a review of data collection practices, both to note where sensitive personal information is stored and to evaluate whether such information is really required by the company. Even where it is indeed needed, the institution must develop an accurate understanding and inventory of the sensitive information it collects and where that information is stored. The bottom line is to identify and accurately manage notice-triggering information and, where it is not needed, eliminate its collection and subsequent storage. The next step is to ensure that succinct security measures are put in place to protect the sensitive personal information that the company collects and stores. To the extent that appropriate security can prevent breaches, and hence avoid the need to make disclosures, it will be worth the effort. Moreover, this kind of security is likely to be a legal obligation in any event, so the company should ensure that it effectively addresses compliance with its legal obligation to secure the personal information of its customers. It is also important to note that the security breach notification laws apply only to the unauthorized exposure of unencrypted personal data. Therefore, to the extent reasonably feasible, encrypting all personal information will help avoid the need to make embarrassing disclosures. Whatever level of information security is implemented, breaches may remain inevitable in the future. It is therefore necessary to acknowledge that, as part of an inclusive security program, the institution will need to develop and implement well thought out and legally compliant incident response mechanisms. The plan must ensure that the appropriate officers within the company are promptly notified of any security breach, and that the necessary immediate action is initiated both in responding to the breach and in notifying the individuals who may be affected by it.
The plan must also clearly determine how the institution will ensure compliance with the varying requirements of the applicable security breach notification laws. The best guideline for ensuring future compliance with the federal statutory requirements concerning notification of security breaches must encompass the following:

1. Designate an individual responsible for coordinating incident responses.
2. Identify the participants in incident response activities, including their roles and full-time contact information.
3. Adopt procedures to ensure timely internal notification of the responsible persons when any breach is detected.
4. Enact procedures to manage, control and address any security breach incident.
5. Implement procedures for prompt notification of law enforcement, regulators and the public relations department.

Finally, it is notable that the development of an incident response plan will give the organization great flexibility in the procedures that can be used to notify the customers affected by any future breach. Specifically, most states currently allow organizations to implement their own alternative notification procedures. Thus, as long as the company maintains its notification procedures, and these procedures are consistent with the timing requirements of the breach notification statute, the company will be deemed to be in full compliance with the law. Failures to comply with the statutory requirements that govern the notification of security breaches constitute a serious violation of legal provisions, and this poses a grave legal risk to banking institutions. The statutory requirements are established mainly with the aim of protecting the personal information that institutions hold about their clients.
The disclosure of any breach of the security of such information forms an important part of maintaining the integrity of that information and of making sure that individuals remain confident that the personal information they provide to institutions is held in the utmost confidentiality. Therefore, effective management of the legal risks arising from failure to notify customers of a breach of their sensitive information must involve the development of succinct strategies to proactively deal with legal obligations and the associated risks. Failure to enact measures for dealing with such legal risks may expose an organization to costly legal liability in the future.

References

California Department of Consumer Affairs, Office of Privacy Protection (2003). Recommended Practices on Notification of Security Breach Involving Personal Information. Retrieved 05 September 2014 from www.privacy.ca.gov/recommendations/secbreach.pdf

Smedinghoff, T. (2006). Security Breach Notification Law: Defining a New Corporate Obligation. The Bureau of National Affairs, 3(2), 11-16.

Stevens, G. (2012). Data Security Breach Notification Laws. Congressional Research Service. Retrieved 05 September 2014 from www.crs.gov.

Vacca, J. (2013). Managing Information Security. New York: Elsevier.