Imprisoned for Bad Data Privacy?

Introduction

Audits happen all the time after a successful cyber-attack. Various agencies, from all levels of government and all over the world, are beholden to their own data privacy regulation and laws. These come with repercussions if you are, even in part, found responsible for a data breach.

Consequences could include fines, lost business, bad reviews and even jail time!

Wait, Seriously?

Yes, it’s true. You could be charged with prison time if your noncompliance causes a data privacy leak.

Two years ago, tens of thousands of Finnish people were not just breached—their doctor’s office was full-on bankrupted. The Psychotherapy Centre Vastaamo in Finland was digitally ransacked and then blackmailed for information and money. When they were through with the company, threat actors then went directly after the patients and threatened to dox them if they didn’t pay hundreds of Euros.

Then it got even worse for the clinic. At the time of the attack, the reigning CEO was Ville Tapio. An investigation found that he was sufficiently at fault for the poor cyber-defenses that led to the organization’s downfall, and Mr. Tapio was served with a three-month prison sentence. Allegedly, he not only knew about the weak security structure and failed to bring it up to standard, but he also failed to report two previous breaches that the clinic had suffered in the two years preceding the 2020 blackmailing fiasco.

Other Repercussions You Face

It’s not always as dramatic as a prison sentence, although breaking some policies, like the U.S. HIPAA law, can incur up to ten years behind bars. Data privacy violations also carry jail time in Japan, the Phillippines, Australia, Thailand and Egypt—to name just a few countries that take online privacy very seriously. In Chile, data privacy has been protected as a human right by the constitution since 2018.

The consequences for failing to adequately protect the personally identifiable information in your care range from some bad posts about you online to spending decades of your life in prison. One thing is for sure: We’re all pretty serious about keeping our confidential data really private.

Conclusion

What PII do you manage, and how much control do you exercise over its protection in transit and storage? You could be held to some pretty high standards, with some pretty high risks if you don’t protect people’s personal data the way they deserve. When you entrust private information to a company, for whatever reason, you certainly expect them to treat it with care!

Depending on your job, where you live and whom you work with, you may have different roles and responsibilities within your company’s cyber-defense system. One thing is for sure: When 95% of data breaches are caused by human error, everyone needs to practice better cybersecurity in their day-to-day lives.

References

Related Posts