The nation is in the midst of a torrent of major data breaches. The most recent breaches include the Ashley Madison breach, the Office of Personnel Management (OPM) breach, and the theft of millions of dollars from small- to mid-size businesses. In addition to the financial impacts, the breaches include the release of personal data including social security numbers, health and financial records, and other information. It is not always clear who perpetrates the hacks, but in the case of the OPM breach, the chief information officer (CIO), Donna Seymour – among others – has been sued for negligence, privacy violations, and other issues.
Lawyer up, CIOs. Not long ago, Chief Information Officers were seemingly insulated from damages caused by security breaches. No longer. In addition to career damage, it appears CIOs are now increasingly accountable – legally – for data breaches.
According to Jacob Frenkel, Chair of the Government Investigations and Governance practices at Shulman Rogers and a former federal prosecutor, a CIO’s legal defense needs to be much stronger than simply: “the funds were not available for security upgrades.” This is especially so when security risks have already been documented by auditors and other third parties.
According to Mr. Frenkel, implementation of an Information Security Management System (ISMS) is a necessary step towards protecting oneself.
Read the full article on Tripwire.