Data Privacy and Security: Management Liability

BDO’s Privacy & Data Protection Practice Leader, Taryn Crane, was recently interviewed by Financier Worldwide about management liability in privacy and security. Her high-level insights are shared below. A link to the full article, published in the Risk and Compliance Magazine October – December 2024 Issue, is available at the bottom of this page.


Understanding the Current Landscape

In today's digital age, data protection is no longer optional—it's essential. Organizations recognize the importance of safeguarding their data, yet balancing resources and priorities remains a challenge. With cyber incidents on the rise and regulatory scrutiny intensifying, the stakes have never been higher. Failing to act proactively can lead to costly consequences, including hefty fines, reputational damage, and long-term financial burdens.


Legislative Measures and Enforcement

The global landscape of data protection is evolving rapidly. Since the EU GDPR came into force, many jurisdictions have adopted similar legislation. In the U.S., there is still no comprehensive federal privacy law, but the number of state-level privacy laws continues to grow. Regulators such as the FTC are actively bringing enforcement actions, emphasizing the need for transparency and accountability.


Leadership Accountability

The role of the board and C-suite in data protection is critical. Recent case law highlights that leaders can face personal liability in the event of a data breach. Demonstrating a commitment to privacy and security starts at the top, with leaders taking decisive action to mitigate risks and ensure compliance.


Building a Robust Data Protection Strategy

Senior management must prioritize data protection by:

  • Employing experienced data protection leaders.
  • Allocating adequate resources and budget.
  • Enhancing data governance and due diligence programs.
  • Understanding that outsourcing does not eliminate risk and investing in third-party risk management.


The Role of Cyber Liability Insurance

While not a substitute for a strong data protection program, cyber insurance is vital for offsetting the financial losses of an incident. Companies must navigate coverage options carefully, ensuring that policy terms, exclusions and limits align with their risk mitigation strategies.


Essential Advice for Directors and Officers

To navigate the complexities of data-related liabilities, directors and officers should:

  • Make data protection a board-level priority.
  • Appoint board members with data protection expertise.
  • Regularly review program maturity and seek external assessments.


Looking Ahead

As cyber threats evolve, so must our strategies. The future will see continued regulatory developments and increased scrutiny on management's role in data protection. Organizations must act now to implement robust controls and demonstrate due diligence, ensuring they are prepared for the challenges ahead.

The article originally appeared in the October – December 2024 issue of Risk & Compliance Magazine.

© Risk & Compliance Magazine