Korean media has reported that Korea’s 3 major credit card companies will face at least $96 Million in fines due to the recent massive data leak involving over 100 Million account holders.
This is the worst personal data leak in Korean history and perhaps the 3rd largest data leak on record. This follows on the heels of the massive Target and Michaels’ data breaches in the US as well. Both the Korean credit card scandal as well as the US retailer data hacking debacle shows how vulnerable many companies are to hacking and data theft.
In response to the recent major data leaks, the Korean regulatory agencies propose to tighten data privacy laws to include the imposition of criminal and punitive sanctions on corporate management in case of privacy law violations. In the US , the FTC is looking at increasing the scope of data privacy protection regulations as well. What does this mean for companies, whether public or private, doing business in the global marketplace?
Companies, regardless of size, will have to take measures to comply with more onerous and draconian data protection laws that government enacts in response to wide spread hacking or data theft. Management will have to take a more active role in protecting personal data as well as confidential data such as trade secrets, which will include allocating sufficient resources to protect data and to sufficiently train employees in monitoring and administrating data protection policies and procedures.
testosterone pills for men – website like this – brain fog causes – male enhancement – buy steroids online
This also will force companies to implement appropriate compliance policies as part of a risk management program that addresses not only data protection but corporate espionage, insider hacking and employee theft of data. All of these steps will have to take place over a short period of time to not only protect a company’s brand but to protect management from potential criminal liability. As the world gets smaller and as it gets easier for companies to have their computer systems hacked, management will have to place great emphasis on data protection in order to protect the company’s brand.
It is advisable therefore, that company managers start looking at cyber insurance and other insurance vehicles to potentially mitigate corporate risk as well as D&O insurance to protect directors and officers. As SOX has led to potential criminal sanctions, it is only a matter of time before many countries levy criminal sanctions against a company’s management for failure to adequately safeguard the personal information and data in its possession.
A company should immediately audit its IT systems to check on data privacy processes as well as confirm adequate measures are in place to protect the confidential information in its possession. If a company’s management has not paid attention to data privacy issues in the past it must now devote the attention and resources required to protect corporate data as well as the company’s reputation. The company’s brand is now at stake.