lecture image Cybersecurity Lecture Series
Defining “Reasonable” Security—A Process View
David A. Stampley, KamberLaw
Digital Media Center Theatre
November 03, 2017 - 11:00 am

Laws, regulations, and common sense call for reasonable security measures to protect certain classes of data. If you ask, “What does ‘reasonable’ mean?” the response is often, “It depends.” With that as a starting point, this discussion looks at examples of actors and their process contexts to examine:


• Definitions of reasonableness that have been established by public, professional, and private actors, so far


• Processes used to arrive at those definitions and that, going forward, will be used to redefine reasonableness


• Ways that security stakeholders can anticipate the “it depends” factors, and even influence the definition of reasonableness

Speaker's Bio:

Dave Stampley is a partner at KamberLaw. In litigation and counseling clients, he evaluates privacy and security compliance risks in consumer-facing applications and devices, frequently incorporating findings from digital forensics experts. He started practicing data privacy and security law in 1999 at Thelen Reid & Priest, as clients entered e-commerce and addressed Y2K risks. He left private practice to serve

as an assistant attorney general in the New York State A.G.’s office. There, he led some of the first regulatory enforcement actions to protect consumers from data breaches and spyware. Subsequently, as director of privacy for Reynolds & Reynolds, a global provider of hosted and installed retail management systems, Dave integrated a compliance framework into the solutions development-delivery-support lifecycle. Next,

serving as a Neohapsis consultant (since acquired by Cisco), he incorporated compliance analysis into the delivery of IT security audits and enterprise security program reviews. He also managed e-discovery engagements and served as Neohapsis’s general counsel. Dave began his legal career as a prosecutor in the Manhattan D.A.’s office. He graduated from the University of Virginia School of Law and previously worked in IT development.