Company Directors Should Have Personal Liability For Data Breaches

The UK's Information Commissioner, Elizabeth Denham, recently recommended at a Parliamentary meeting to discuss the draft Digital Economy Bill, that the government should hold company directors with personal liability and accountability for data breaches.

Under current laws, directors of companies generally have no personal liability or accountability for breaches of data protection law committed by their companies.

Denham gave evidence to a House of Commons Public Bill Committee on the 13th of October, detailing the ICO's recommendations for the Digital Economy Bill, one of which was support for making directors personally liable for breaches of data protection law by their companies.

Denham claimed that the ICO issued a total of £4 million in fines in the last year, and only collected a small percentage of that sum. This is down to companies who had committed serious breaches of data protection law would shut down following the fine, quickly re-opening with the same management, staff and premises only with a new corporate identity.

The ICO recently imposed a fine of £400,000 on UK ISP TalkTalk, which was its largest fine ever for a breach of data protection law. With the General Data Protection Regulation's honeymoon period ending on the 25 May 2018, it will give the ICO the power to impose fines of up to the greater sum of €20 million or 4 percent of worldwide turnover.

While data protection is not a main focus for the Digital Economy Bill, it is clear that a number of its proposed provisions could have a significant impact on data protection compliance obligations for businesses. It remains to be seen whether that proposal will be included in the final Bill.

Some have claimed that the recommendation shows the Commissioner is willing to take stronger action against businesses who fail to abide by data protection laws.

SC Magazine

 

« Self-drive Vehicles – A New Reality
Jason Bourne: Envisioning A ‘frightening’ Cyberwar »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Char49

Char49

Char49 specialize in Penetration Testing, Red Team Assessment, Social Engineering and Security Research.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Tetra Defense

Tetra Defense

Tetra Defense is a leading incident response, cyber risk management and digital forensics firm.

PA Consulting

PA Consulting

PA Consulting Group is a consultancy that specialises in strategy, technology and innovation. Our cyber security experts work with you to spot digital and technology security risks and reduce them.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.

Triangle

Triangle

Triangle enable innovative business transformation by ensuring critical hybrid infrastructures are optimised, interoperable and secure.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.