{"id":127,"date":"2017-07-18T16:43:20","date_gmt":"2017-07-18T20:43:20","guid":{"rendered":"https:\/\/www.amp.legal\/blog\/?p=127"},"modified":"2019-01-04T15:54:26","modified_gmt":"2019-01-04T20:54:26","slug":"cyber-security-assessment-to-evaluate-data","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/","title":{"rendered":"Risk Assessment To Evaluate Data"},"content":{"rendered":"

Companies gather lots of personal data about their clients as\u00a0they grow and become successful. Data that a company collects is\u00a0an important asset, but it can also be a liability when a data breach happens. After a breach, most states require a business to notify compromised clients.<\/p>\n

\"\"In many state breach laws<\/a>, the term \u201cpersonal information\u201d is often defined as a first and last name (or first initial and last name) with another piece of identification. The other identification piece may be a\u00a0social security number or an identification card number (e.g. driver\u2019s license, passport, military, or government). Florida law defines \u201cpersonal information\u201d as \u201ca user name or email address, in combination with a password or security question and answer that would permit access to an online account.\u201d<\/p>\n

Evaluating Company Data<\/h3>\n

A business manager\u00a0needs to carefully examine its computerized data by performing an assessment. A Data Risk Assessment involves evaluating\u00a0a company\u2019s data with\u00a0four criteria:<\/p>\n

    \n
  1. Types of Data<\/strong>: Classify confidential data that the law considers as\u00a0\u201cpersonal information.\u201d Review data restrictions in contracts, business associate agreements, and privacy policies.<\/li>\n
  2. Uses of Data<\/strong>: Examine where the company stores data\u00a0(data-at-rest), where data\u00a0moves (data-in-transit), and how the company uses data\u00a0(data-in-use).<\/li>\n
  3. Requirements of Data<\/strong>: Review legal responsibilities in state and federal laws, including data breach regulations\u00a0and online privacy acts.<\/li>\n
  4. Management of Data<\/strong>: Confirm who is responsible for controlling\u00a0the data, which includes monitoring and securing the flow of information.<\/li>\n<\/ol>\n

    When conducting a\u00a0Data Risk Assessment, consider the promises made to clients\u00a0and agreements made with other business associates. For example, a company\u2019s privacy policy should include an \u201copt out\u201d provision when a company shares data\u00a0with other companies. This means the company should have a procedure in place to ensure it processes and follows each \u201copt out\u201d request.<\/p>\n

    A\u00a0Data Risk Assessment is critical to implementing company policies such as internal controls and data retention schedules. Importantly, the assessment serves as a framework for a company’s cyber due diligence to secure sensitive information.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Companies gather lots of personal data about their clients as\u00a0they grow and become successful. Data that a company collects is\u00a0an important asset, but it can also be a liability when a data breach happens. After […]<\/p>\n","protected":false},"author":1,"featured_media":169,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[32,13,11,66,12,109,9],"yoast_head":"\nRisk Assessment To Evaluate Data - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Risk Assessment To Evaluate Data - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-18T20:43:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-01-04T20:54:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/07\/city-lights.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Risk Assessment To Evaluate Data\",\"datePublished\":\"2017-07-18T20:43:20+00:00\",\"dateModified\":\"2019-01-04T20:54:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\"},\"wordCount\":345,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"cyber due diligence\",\"cyber security\",\"data management\",\"florida\",\"privacy policy\",\"risk assessment\",\"state breach laws\"],\"articleSection\":[\"Data Breach Laws\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\",\"name\":\"Risk Assessment To Evaluate Data - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2017-07-18T20:43:20+00:00\",\"dateModified\":\"2019-01-04T20:54:26+00:00\",\"description\":\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Risk Assessment To Evaluate Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Risk Assessment To Evaluate Data - Cyber Law Blog","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/","og_locale":"en_US","og_type":"article","og_title":"Risk Assessment To Evaluate Data - Cyber Law Blog","og_description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","og_url":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/","og_site_name":"Cyber Law Blog","article_published_time":"2017-07-18T20:43:20+00:00","article_modified_time":"2019-01-04T20:54:26+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/07\/city-lights.png","type":"image\/png"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Risk Assessment To Evaluate Data","datePublished":"2017-07-18T20:43:20+00:00","dateModified":"2019-01-04T20:54:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/"},"wordCount":345,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["cyber due diligence","cyber security","data management","florida","privacy policy","risk assessment","state breach laws"],"articleSection":["Data Breach Laws"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/","url":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/","name":"Risk Assessment To Evaluate Data - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2017-07-18T20:43:20+00:00","dateModified":"2019-01-04T20:54:26+00:00","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/cyber-security-assessment-to-evaluate-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Risk Assessment To Evaluate Data"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/127"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=127"}],"version-history":[{"count":12,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/127\/revisions"}],"predecessor-version":[{"id":876,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/127\/revisions\/876"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/169"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}