
Data breach – one rule for one, one rule for another! What would happen at your organisation?


Rishi Sunak's decision to reappoint Suella Braverman six days after she was forced to resign for a security breach is facing new questions about the "multiple breaches of the ministerial code".

Was she lucky? Would you and your organisation be so fortunate?

Ignoring politics, imagine a different scenario.

  • A recently appointed Board member in a regulated global institution is alleged to have breached internal rules.
  • They sent confidential and sensitive company documents from a "personal email", inadvertently copying an unintended recipient into the email.
  • The Executive self-reported their actions, which they say were a "technical infringement".
  • The CEO [HR/COMPLIANCE TEAM] says s/he has "addressed the issue".

What might the Executive or firm be at risk of?

❓An internal investigation?

❓A performance review?

❓Formal disciplinary proceedings?

❓A fitness and propriety re-assessment?

❓A regulatory probe into the firm's data security system and controls?

❓An internal review of usage of work and personal devices?

❓Losing stakeholder and public trust and confidence?

❓A regulatory fine[s]? [FCA/ICO/OTHER?]

❓The sack following a gross misconduct charge?


❓Could this have been avoided by more attention paid to the particular needs of the new executive – induction training?

Cyber-security training and culture are important for everyone.