The Lares Institute helps companies understand the role of information in executive decision-making and in broader economic issues. Executive Director Andrew Serwin has written a number of leading works on privacy and information security, including several law review articles on proportionality and governance. Click below to learn more.
Governance.
There are two key white papers on governance that help define what governance is, particularly around technology/cyber and data risk. The first white paper provides key insights into why technology/cyber and data risk are important to most companies, and also defines governance and other key concepts such as operational resiliency, and also distinguishes between “risks” and “root causes.” That white paper can be found here.
That White Paper doesn’t provide the “why” however, and specifically why governance and corporate principles are defined that way. The second white paper, linked here, does exactly that and differentiates between the new SEC disclosure requirements, which are external disclosures, and the already existing Delaware fiduciary duties that impose internal disclosure and requirements to oversee or act upon certain issues. Said differently, the SEC generally requires external disclosure (putting internal control issues around financial systems and other similar issues aside), but state corporate law (usually Delaware) defines the relationships between the shareholders and the company, and the company and its officers and directors. A discussion of those issues, as well as the standards that officers and directors are held to, in context for data and technology/cyber risk is also included, as is an overview of how to define roles. That white paper can be found here.
Key Graphics.
This post contains some key graphics regarding governance and our Hybrid World.
White Papers.
HIPAA 2013. This White Paper examines certain amendments to HIPAA, including the role of information sensitivity in health care information.
Studies.
Eye of the Beholder. This study examines consumer views about privacy, including specific analysis of 100 data elements. It provides guidance for companies seeking to understand how consumers view the use and disclosure of information.
The Demographics of Privacy. This study examines how individuals view privacy and how demographic factors influence the privacy views of individuals.
Data Breaches and the Phantom Damage Allegation. This study examines data breaches, including whether damage exists in the normal breach context.
A Study on Social Media. This study examines social media use patterns, as well as individuals’ views on social media.
Information Superiority.
Making decisions is a core skill that executives must have. Information Superiority is a Department of Defense Doctrine that can help companies facilitate executive decision-making by getting the right information, to the right executives, at the right time, which will help companies increase revenues, reduce costs, optimize risk, mitigate brand damage, and reduce the cyber and industrial espionage risk that companies face. The Lares Institute helps companies implement Information Superiority to aid executive decision-making, and the Lares Institute has published a number of papers and articles regarding Information Superiority.
Information Superiority and Information Sharing–A Solution for the Public and Private Sector. This post examines what Information Superiority is, it’s origins in the public sector, and how it can be implemented to help private sector companies achieve their goals.
Information Superiority–The CEO’s Path to Improved Decision-Making. This post examines the critical role of Information Superiority for today’s CEOs and discusses how Big Data can be harnessed to executives’ advantage. It also addresses why this critical issue is core to executive decision-making and why Information Superiority is a CEO-level concern.
Cybersecurity
Managing cyber-risk is a critical issue for every company, and for C-Level Executives. Whether it is addressing state-sponsored actors, organized crime, or even competitors, making sure that your company has addressed these issues is critical.
Calling All CEOs-Are You Ready to Defend the Battlefield of the 21st Century?
Cybersecurity is a Board Issue–SEC Division of Corporate Finance CF Disclosure Guidance: Topic No. 2
Books.
Information Security and Privacy: A Guide to Federal and State Law and Compliance.
Information Security and Privacy: A Guide to International Law and Compliance.
The Internet Marketing Law Handbook.
Law Review Articles.
Privacy 3.0-The Principle of Proportionality.
Poised on the Precipice: A Critical Examination of Privacy Litigation.