Phantom Responsibility: How Data Security and Privacy Lapses Lead to Personal Liability for Officers and Directors
Partner Christopher Ott authored a chapter titled "Phantom Responsibility: How Data Security and Privacy Lapses Lead to Personal Liability for Officers and Directors" in the International Comparative Legal Guide to: Cybersecurity 2021, published by Global Legal Group Ltd.
Boards of directors that ignore data security and privacy risks imperil their companies and, increasingly, expose themselves to personal liability. A business has its operations halted by ransomware approximately every 10 seconds. Billions of records are exposed every fiscal quarter. The global costs of these breaches and online crime reach the trillions every year. These potential costs have elevated data security and privacy issues from mere “IT issues”, or compliance minutiae, to the centerpiece of strategic risk management. The law has grown to match this reality. As a result, boards face expanding personal legal liability for the company’s data security and privacy failures.
In 2014, Securities and Exchange Commission Commissioner Luis Aguilar stated that “boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility do so at their own peril”. Those perils are changing in real time just as cybersecurity and privacy threats are changing. However, it is possible to identify certain concrete areas of established liability and strategically identify the emergent risks. In the chapter, Christopher explores the current trends and tackles a few harder-to-classify risks related to United States national security oversight of cyber readiness.
To read the article in its entirety, click on the document below, or access the article on the ICLG website.