[Dataloss] CEOs deserve jail for data breaches

Mon Jun 30 15:24:28 UTC 2008

Jeff wrote:
> Putting a CEO in jail for a data breach would be ridiculous unless the
> person were directly responsible for releasing the protected information.
> Jails are already overcrowded and this would not solve the problem.
> Generally, it's hard to find people more clueless about IT than a CEO! 

Which is why it would be *very* useful to jail them as an example to 
the rest to get a clue.

In addition, the laws of agency dictate that the buck stops at the 
CEO and if he/she hires clueless people who create structures 
subject to data breach, then *they* are the ultimately responsible 

In an arson for hire, not only do the arsonists get charged, but 
also the person who hired them. Should they (as the CEO of the 
enterprise) go free because they are not directly responsible? I 
think not.



