Skip links

Data breach accountability and responsibility

Data breaches are a matter of great concern for all businesses in this digital age.

Various companies have taken different approaches to data breaches. Some take the view that IT departments are responsible for securing data, while others believe that the responsibility lies with the individual whose information has been compromised.

It’s important to think about your responsibility as a company before a breach happens, rather than after it has happened.

What is a data breach?

A data breach is the unauthorised disclosure of sensitive, private information to an untrusted environment. Malicious actors can take advantage of a data breach to steal information about organisations, individuals, or both.

There are many ways to define what a data breach actually is: cybercriminals gain access to a vulnerable system and extract files; attackers find and exploit vulnerabilities in the system; unauthorised access to sensitive files by someone with authorised access; or by an insider who was not authorised to view that information.

One of the biggest data breaches in recent history was that of Equifax, a US credit reporting agency. In July 2017, the company reported sensitive information – like credit card numbers, social security numbers, and driver’s license numbers – were stolen in a data breach. An estimated 143 million people across the US, Canada, and the UK were affected.

Who is responsible in the event of a data breach?

Data breach accountability means that corporations have to take responsibility for their errors by informing customers about a security incident as soon as possible, compensating them financially if it affects them, and taking appropriate measures to ensure it doesn’t happen again.

In the event of a data breach, any lapses can have far-reaching consequences as well as hefty fines levied against those who have been negligent.

Pinpointing the culprits of a data breach is a difficult, expensive, and time-consuming process. Many factors can lead to personal data being leaked or stolen, some of which are listed here.

Cyber security lapses

The more we rely on technology for everyday tasks, the more susceptible we are to cyberattacks. Many companies and organisations have been caught in data breaches, and they are often caused by outdated cyber security.

In order to avoid these breaches, firms must be aware of their vulnerabilities and take action before they happen. It is not enough to know that there is a possible attack vector and mitigate it after an incident has occurred.

Malicious actors

Malicious actors are not slowing down their efforts to steal data. They are becoming more and more sophisticated in their attempts to steal private information for profit. However, if this happens, the company or agency is liable as they did not take steps to protect themselves from such an attack.

Negligent or untrained employees

When employees are negligent or untrained, it can lead to the accidental leaking of sensitive business information, through such actions as clicking on a phishing email or ignorantly posting on social media.

It’s important for employees to have the proper training on how to handle sensitive data. They need to recognise the dangers of scam emails and suspicious links.

CEOs and managers

The decision-makers in businesses, CEOs and CMOs, need to be educated on how important data security is. They should also be made aware of the consequences that arise once there is a data breach: loss of customers and reputation, plus hefty fines.

As decision-makers, the CEOs and managers are also the people who have the final say in the company’s software and hardware, or employee training. Regardless of the initial data loss cause, the thread will be traced back to their inattention to detail.

Prioritising prevention over blame

Pointing fingers in the event of a data breach is, at best, a way to hold malicious culprits accountable, and determines gaps in company security so those flaws can be remedied. At worst, it’s a shifting of blame from party to party that could lead to scapegoating.

Either way, security incidents definitively showcase one thing: the business had flaws in its cyber security. This could be from any of the above: ignorant employees, outdated IT infrastructure, or deliberate malicious activity.

All these possibilities can be remedied through cyber security strengthening, employee training, and 24/7 network monitoring.

There is no such thing as perfect cyber security. It is impossible to 100% protect against breaches and malicious. But your business can try to minimise the risk by making sure that it takes every precaution possible and regularly updates its security systems.

It’s important to think about your responsibility as a company before a breach happens, rather than after it has happened.

Get advice from the cyber security experts

Rather than waiting to point fingers and assign blame after a data breach has occurred, it’s vital that you try to minimise the possibility of a data breach before it happens.

Talk to the cyber security specialists at INTELLIWORX about implementing stronger security to your networks, and what your business can do to minimise risk and protect its sensitive data.

This website uses cookies to improve your web experience.