Ireland: Company directors could be held liable for data breaches
Dick O’Brien reports:
A leading security expert at Eircom has warned that company directors could soon be held liable for the loss of sensitive information through security breaches.
Paul Dwyer, security GRC principal at Eircom, said that once the Irish government transposed the international Convention on Cybercrime into law, directors could be prosecuted if it was found they failed to properly secure customer information that was then stolen from them.
Read more on ThePost.ie.
Prosecuted as in crime? I don’t know if Dwyer was just trying to get their attention or if this is really likely to happen, but it’s certainly more likely to happen in Europe than in the U.S. We’ve already seen Google executives prosecuted criminally in Italy, and held liable in France, so this would not totally surprise me.
A company can indemnify its employees for civil matters and fines, but if there are criminal charges, well, all they can do is foot the bill for the legal defense. They can’t do the time for the executive.