This video from “Magic Circle” London firm Freshfields, Bruckhaus, Deringer illustrates how and why privacy compliance is much less costly than risking a cyber-attack, and some preemptive measures against such attacks.
Steps outlined to be taken are the following:
- Assess your businesses’s relevant information, where it’s at and how it is protected;
- Be joined (by a cross-functional committee) in managing risk;
- Have contractual protections, allocating and excluding liability if and where applicable, including insurance if possible;
- Readiness: rehearse responses.
The dire consequences of cyber-attacks have been illustrated in current affairs media by Sony’s settlement of a class action suit for the breach of its PlayStation userbase, as well as by the attack against Target, which even lead to the ousting of Board members, and more recently Home Depot’s.
You try and do the math as to which is more costly between investing in privacy compliance and having your business take its chances in an equation where the variable for the cost (financial and reputational) of a breach cannot be determined ex ante, but the laws do provide for parameters to assess fines.