Writing a Disclaimer...
does not exempt you from the legal consequences of losing or leaking my personal data.
I will still sue you, especially if my money and credit are involved.
Poor communication between boards and front-line management as well as a growing reliance on legal remedies mean UK companies are still falling short when it comes to cyber-security. A KPMG survey of FTSE 350 firms found that 61 per cent of board members reckoned they had a decent understanding of their company’s key …
One of William Shakespeare's most notable lines is "let's kill all the lawyers" from the play Henry VI, Part II.
But now, one retired US lawyer is trying to change people's interpretation of the famous line.
David Epstein says: "One interpretation is that it's actually a compliment for lawyers... that's the one I'm stressing."
http://www.bbc.co.uk/news/entertainment-arts-28879259
Lawyers... because closing the stable door after the horse has bolted always solves everything.
Seriously... what happens when you have no corporate IT systems and you're being chased for payments left, right and centre? Do you think the HMRC would have any sympathy, lawyers or no lawyers?
Relying on lawyers in this situation is like saying you're not worried about leaving your front door open because you've got insurance. It doesn't help when you've got no clothes, no telly and no cooker.
Idiots.
"you're not worried about leaving your front door open because you've got insurance"
Back in February 2014, the BBC were reporting that many utility companies seemed to think that "cyber attacks" were something whose risks could be mitigated solely by having suitable insurance.
But when the insurance companies sent in assessors prior to taking on the insurance, the insurance companies didn't like what they saw at the utilities (insufficient precautions to prevent losses), and frequently declined to take the business.
http://www.bbc.co.uk/news/technology-26358042
Insurance is often the correct response for unlikely and unpredictable events.
You could spend X millions on securing your systems and still be hit OR you could find an insurer that will pay the Y million you lose if a one in Z million event happens and charge you a little more than Y/Z for taking the bet.
What would you suggest? The company fires everybody not directly involved in security - since any spending on anything other than security is obviously not "doing all they can"
I would suggest using insurance as it is meant to be. Companies should fall back on it after having done everything they reasonably could to prevent the loss and things still went south. It should not be an either-or choice between prevention and insurance.
Speaking as a member of that profession that everyone loves to hate, this article is bang on. If your strategy for dealing with data breaches and attacks is to look to your lawyers to rescue you once it's happened, you are going to be disappointed. That's not to say we can't help with damage control, for instance by engaging with the ICO (and other regulators) and helping to navigate the contractual fallout. But really, prevention is so, so much better (and cheaper) than cure, and prevention needs engineers, which needs budget, which needs board buy-in.
If it helps to make the business case, engineers tend, rightly or wrongly, to be a fair bit cheaper than us lawyers.