However, this latest breach has sparked further debate on what the penalties should be for companies that allow breaches of customer data to occur.
The Information Commissioner Richard Thomas has previously demanded a jail term for people convicted of disclosing or obtaining personal details without consent.
This call was backed up yesterday by the results of a survey among 107 security professionals conducted by Websense at the March e-Crime Congress.
A quarter of respondents felt that arrest and a jail sentence for a company CEO or board member responsible would be a fitting punishment for a serious company data breach that exposed consumers’ confidential data. Only 3 per cent did not believe there should be any legally enforced punishment.
While retail chief execs have no need to be engaging criminal lawyers just yet, the days when they could palm off issues such as this onto the IT department would seem to be well and truly over. Perhaps the most interesting trend within the survey is a change in opinion on who is ultimately responsible for a data breach.
When the survey was undertaken at the same event in 2007, 21 per cent felt the IT department was ultimately responsible. In the latest figures, the IT department is cited by only 5 per cent, while an overwhelming 95 per cent now believe that the board or CEO should take direct responsibility.
A perfect example of why retail boards of directors should include an IT director, if ever there was one.

















