
A High Court Ruling That Could Reverberate Around the World

by Chris Olson
December 18, 2017
in Featured, Governance

The Potential Implications for U.S. Businesses

A recent High Court ruling in the U.K. holding a business responsible for the protection of personal data is a clear indication of which way the High Court will rule when the EU’s General Data Privacy Regulation (GDPR) goes into effect in May of 2018. These new data privacy regulations could impact businesses around the globe. Chris Olson, CEO of The Media Trust, outlines the implications for U.S. businesses and what steps businesses should take now to protect the corporate brand and bottom line.

In a precedent-setting move, the High Court in the United Kingdom (U.K.) ruled that a company is liable for data breaches caused by employees, offering insight into the future of data privacy regulatory enforcement. The speed and flexibility of today’s digital world require the adoption of risk strategies that address not only employee behavior but also the vendors executing on enterprise websites and mobile apps. The changing regulatory environment mandates better control of these digital assets and the role they play in collecting, storing and sharing consumer data.

The Case

In this situation, a disgruntled internal auditor for Morrisons, a U.K. supermarket chain, posted payroll data of almost 100,000 employees online and sent it to newspapers in an effort to purposefully damage the grocery store chain’s image. The case went to court when 5,000 employees filed a class action suit against the company and sued for compensation under the Data Protection Act of 1998.

While the High Court found that Morrisons was not legally at fault, the chain was found to be vicariously liable for the employee’s illegal acts. Though the Court agreed to allow an appeal, this initial ruling signals the intent to tighten the data privacy responsibility noose on corporates.

The Implications for US Businesses

The U.K. High Court’s findings against Morrisons over the data breach are very telling for the future enforcement of data privacy regulations and standards. It’s clear that companies are ultimately accountable for the protection of consumer data, regardless of how it is collected, stored or accessed. And the U.K. isn’t alone in this changing approach. Think of the global impact on digital data when the EU’s General Data Privacy Regulation (GDPR) goes into effect in May of 2018.

Imagine the difficulty of securing consumer data in today’s digital-first economy, where organizations have no control over their websites and mobile apps, in which dozens, and possibly hundreds, of unknown vendors not only execute but can also covertly collect personally identifiable information. To avoid regulatory scrutiny, enterprises need to update their vendor risk management strategies to include the digital environment, with specific attention paid to identifying all parties executing in websites and mobile apps. For most enterprises, this knowledge is limited to the software and hardware they purchase or license for use. Identification and control of these external resources are critical to developing a comprehensive security strategy for digital assets.

GDPR is a Digital Nightmare

With its complex, far-reaching nature, the upcoming GDPR regulation will prove to be a greater challenge for those organizations without a formal privacy or risk officer as it extends the definition or application of existing privacy norms. Not only does GDPR codify a penalty structure, but it also broadens personal data to include online identifiers (internet use and behavior) and applies it to the processing of any personal data while the individual is physically in the EU.

Many enterprises are still coming to grips with understanding the new regulations and haven’t made much progress in applying them to the dynamic nature of their digital environment. Regulations are difficult to enforce in the digital economy due to the ever-changing nature of web-delivered information and commerce. For the most part, large-scale enterprises that view their digital presence as a strategic channel (media publishers, e-commerce, travel, consumer banking, etc.) understand these complexities, but not necessarily the corresponding implications of GDPR. Their biggest challenge is connecting the (data) dots internally: advertising/revenue operations, website operations, security and privacy.

When Ignorance Isn’t Bliss

The evolving regulatory landscape will hit the U.S. shores in 2018, and prove to be a tiresome issue that will rise all the way to the CEO and Board of Directors. Senior leaders will need to be cognizant of their company’s risk and exposure, especially as it concerns their digital footprint, as the price for non-compliance could far outweigh the expenditure to put policies and procedures in place. While some companies think that enforcement of GDPR will be tough to carry out, it is still in the best interest of companies to use GDPR as a framework for establishing data privacy and security standards.

The best approach is to hammer out and implement a digital vendor risk policy that can be enforced through vendor contracts. This requires identifying all vendors—including third-party—executing on the corporate website, communicating your policy and blocking those that don’t comply. In the event of a digital breach in which customer data is exposed, corporations will be in a better place to defend themselves, especially if the cause is a wayward third party. While it may not be a complete panacea, a digital vendor risk strategy is a start towards protecting corporate interests as well as customers.


Chris Olson

Chris Olson is CEO and Co-founder of The Media Trust, the global leader in continuously monitoring and protecting the online and mobile ecosystem. The Media Trust works with the world’s largest, most-heavily trafficked digital properties to provide real-time security, first-party data protection, performance management and quality assurance solutions that help protect, monetize and optimize the user experience across desktop, smartphone, tablet and gaming devices.
