Data privacy and security are often framed as organizational requirements, and as such include discussions of ROI, staffing, compliance, and so on. However, the obligations enterprises and agencies face in protecting data extend beyond liability, because the data they protect often represents someone’s life and well-being.
As a result, duty of care is evolving from a legal obligation into a defining principle of governance. The organizations that recognize this shift are reframing risk management as such an obligation.