BreachExchange mailing list archives

Re: CEOs deserve jail for data breaches


From: Allen <netsecurity () sound-by-design com>
Date: Mon, 30 Jun 2008 08:24:28 -0700



Jeff wrote:
> Putting a CEO in jail for a data breach would be ridiculous unless the
> person were directly responsible for releasing the protected information.
> Jails are already overcrowded and this would not solve the problem.
> Generally, it's hard to find people more clueless about IT than a CEO!

Which is why it would be *very* useful to jail them as an example to 
the rest to get a clue.

In addition, the laws of agency dictate that the buck stops at the 
CEO and if he/she hires clueless people who create structures 
subject to data breach, then *they* are the ultimately responsible 
party.

In an arson for hire, not only do the arsonists get charged, but 
also the person who hired them. Should they (as the CEO of the 
enterprise) go free because they are not directly responsible? I 
think not.

Best,

Allen

(Sorry for the very delayed response - the original post got 
mis-filed.)
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
