[Dataloss] CEOs deserve jail for data breaches
netsecurity at sound-by-design.com
Mon Jun 30 15:24:28 UTC 2008
> Putting a CEO in jail for a data breach would be ridiculous unless the
> person were directly responsible for releasing the protected information.
> Jails are already over crowded and this would not solve the problem.
> Generally, it's hard to find people more clueless about IT than a CEO!
Which is why it would be *very* useful to jail them as an example to
the rest to get a clue.
In addition, the laws of agency dictate that the buck stops at the
CEO and if he/she hires clueless people who create structures
subject to data breach, then *they* are the ultimately responsible
In an arson for hire, not only do the arsonists get charged, but
also the person who hired them. Should they (as the CEO of the
enterprise) go free because they are not directly responsible? I
(Sorry for the very delayed response - the original post got
More information about the Dataloss