Data security is becoming increasingly important as legal and technical regimes for protecting information grow. And in the realm of information security, there are always two related but different areas to master – the technical and the legal, or, in other words, security and compliance. Lawyers must understand how to classify a client’s data, which rules or regimes that classification triggers, and how to counsel their clients’ compliance with applicable law. From a technical standpoint, a security expert must understand how the rules apply to a particular organization’s network and systems, and, most crucially, how to implement actual security measures in a meaningful and practical way that accomplish the security goals at hand. Whether conducting a prophylactic security audit, investigating a potential breach, or meeting certain compliance standards, the technical and the legal intertwine and demand experience and expertise to render necessary advice.
