Emily Westridge Black and Chris Quinlan for Chain Store Age: Developing an Effective Approach to Cybersecurity


With major data breaches making headline news on a near-weekly basis, the retail industry is increasingly focused on cybersecurity. When creating their cybersecurity plans, retailers should: 

Create a strong cybersecurity team that is cross-sectional, and include personnel from legal, information technology, human resources, and communications or public relations departments. The team should also include at least one member of senior management.

Conduct a “privacy survey,” which is the process of identifying the legal, regulatory, and contractual obligations to protect data.  Among other things, retailers should consider their obligations under state laws to protect “personally identifiable information” (“PII”), which generally includes data that can be used to identify a specific individual including social security numbers, driver’s license numbers, financial account information, and other identifying information.

Retailers should also consider their contractual obligations, which likely include obligations to protect payment card information (“PCI”) under the rules established by card brands like Visa and MasterCard.

Excerpted from Chain Store Age. To read the full article, click here.

Related Practices

Email Disclaimer