Tom Smedinghoff, a partner in the privacy and data protection group in Edwards Wildman’s
Chicago office, discussed how businesses should manage the risks posed by hacking, data breaches and network security failures at an American Bar Association webinar entitled "Cybersecurity Law 101: The Legal Obligations of Every Business to Provide Data Security
," reported Bloomberg BNA Privacy & Data Security Law. In the article, "Written Information Security Programs Help Demonstrate Data Security Compliance," Smedinghoff addressed written information security programs (WISPs) and how a vigorous WISP demonstrates that an organization has taken reasonable care to safeguard its data in a climate of rapidly changing cyberthreats. "Based on some case law that we've seen, it is also a defense to liability,’’ he said. “I think there is a general recognition that security is not perfect and bad things can happen. Just because something bad has happened, does not mean you had legally noncompliant security," said Smedinghoff.