Wednesday, January 20, 2021
Corporate Compliance Insights

A High Court Ruling That Could Reverberate Around the World

by Chris Olson
December 18, 2017
in Featured, Governance

The Potential Implications for U.S. Businesses

A recent High Court ruling in the U.K. holding a business responsible for the protection of personal data is a clear indication of which way the High Court will rule when the EU’s General Data Privacy Regulation (GDPR) goes into effect in May of 2018. These new data privacy regulations could impact businesses around the globe. Chris Olson, CEO of The Media Trust, outlines the implications for U.S. businesses and what steps businesses should take now to protect the corporate brand and bottom line.

In a precedent-setting move, the High Court in the United Kingdom (U.K.) ruled that a company is liable for data breaches caused by employees, offering insight into the future of data privacy regulatory enforcement. The speed and flexibility of today’s digital world require the adoption of risk strategies that address not only employee behavior but also the vendors executing on enterprise websites and mobile apps. The changing regulatory environment mandates better control of these digital assets and the role they play in collecting, storing and sharing consumer data.

The Case

In this situation, a disgruntled internal auditor for Morrisons, a U.K. supermarket chain, posted payroll data of almost 100,000 employees online and sent it to newspapers in an effort to purposefully damage the grocery store chain’s image. The case went to court when 5,000 employees filed a class action suit against the company and sued for compensation under the Data Protection Act of 1998.

While the High Court found that Morrisons was not legally at fault, the chain was found to be vicariously liable for the employee’s illegal acts. Though the Court agreed to allow an appeal, this initial ruling signals the intent to tighten the data privacy responsibility noose on corporates.

The Implications for US Businesses

The U.K. High Court’s findings against Morrisons over the data breach are very telling for the future enforcement of data privacy regulations and standards. It’s clear that companies are ultimately accountable for the protection of consumer data, regardless of how it is collected, stored or accessed. And the U.K. isn’t alone in this changing approach. Think of the global impact on digital data when the EU’s General Data Privacy Regulation (GDPR) goes into effect in May of 2018.

Imagine the difficulty of securing consumer data in today’s digital-first economy, where organizations have no control over their websites and mobile apps, in which dozens, and possibly hundreds, of unknown vendors not only execute but can also covertly collect personally identifiable information. To avoid regulatory scrutiny, enterprises need to update their vendor risk management strategies to include the digital environment, with specific attention paid to identifying all parties executing in websites and mobile apps. For most enterprises, this knowledge is limited to the software and hardware they purchase or license for use. Identification and control of these external resources are critical to developing a comprehensive security strategy for digital assets.

GDPR is a Digital Nightmare

With its complex, far-reaching nature, the upcoming GDPR regulation will prove to be a greater challenge for those organizations without a formal privacy or risk officer as it extends the definition or application of existing privacy norms. Not only does GDPR codify a penalty structure, but it also broadens personal data to include online identifiers (internet use and behavior) and applies it to the processing of any personal data while the individual is physically in the EU.

Many enterprises are still coming to grips with understanding the new regulations and haven’t made much progress in applying them to the dynamic nature of their digital environment. Regulations are difficult to enforce in the digital economy due to the ever-changing nature of web-delivered information and commerce. For the most part, large-scale enterprises that view their digital presence as a strategic channel (media publishers, e-commerce, travel, consumer banking, etc.) understand these complexities, but not necessarily the corresponding implications of GDPR. Their biggest challenge is connecting the (data) dots internally: advertising/revenue operations, website operations, security and privacy.

When Ignorance Isn’t Bliss

The evolving regulatory landscape will hit U.S. shores in 2018 and prove to be a tiresome issue that will rise all the way to the CEO and Board of Directors. Senior leaders will need to be cognizant of their company’s risk and exposure, especially as it concerns their digital footprint, as the price for non-compliance could far outweigh the expenditure to put policies and procedures in place. While some companies think that enforcement of GDPR will be tough to carry out, it is still in the best interest of companies to use GDPR as a framework for establishing data privacy and security standards.

The best approach is to hammer out and implement a digital vendor risk policy that can be enforced through vendor contracts. This requires identifying all vendors, including third parties, executing on the corporate website, communicating your policy and blocking those that don’t comply. In the event of a digital breach in which customer data is exposed, corporations will be in a better place to defend themselves, especially if the cause is a wayward third party. While it may not be a complete panacea, a digital vendor risk strategy is a start towards protecting corporate interests as well as customers.



Chris Olson

Chris Olson is CEO and Co-founder of The Media Trust, the global leader in continuously monitoring and protecting the online and mobile ecosystem. The Media Trust works with the world’s largest, most-heavily trafficked digital properties to provide real-time security, first-party data protection, performance management and quality assurance solutions that help protect, monetize and optimize the user experience across desktop, smartphone, tablet and gaming devices.


© 2019 Corporate Compliance Insights
