Preparing for a data breach: Data security regulations and best practices

May 28, 2015

Westlaw Journals Commentary thumbPatricia Bailin and Arielle Brown of the International Association of Privacy Professionals say companies need to realize that sooner or later, they will be hacked.

Preemptive measures are needed to mitigate that risk, and so is an incident response plan for when trouble inevitably strikes.

Fast technological changes mean the rules framing security standards are set at a high level of abstraction, to apply across business models and technologies.  This ambiguity leaves much of the design and implementation to organizations themselves, and forces companies to view compliance not as a “one size fits all” requirement but a constant work in progress.

(WestlawNext users: Click here for the full article.)

Bailin-Brown - REUTERS Kacper Pempel

REUTERS – Kacper Pempel


Patricia Bailin and Arielle Brown are Westin Research Fellows for the International Association of Privacy Professionals’ Westin Research Center.  The center produces a variety of projects on topics chosen with a goal of supporting the growth and development of the privacy profession and furthering understanding of major privacy issues.  They can be reached at and