Data breach – one rule for one, one rule for another! What would happen at your organisation?
Rishi Sunak's decision to reappoint Suella Braverman six days after she was forced to resign for a security breach is facing new questions about the "multiple breaches of the ministerial code". https://www.theguardian.com/politics/2022/oct/26/suella-braverman-return-after-security-breach-defended-by-james-cleverly
Was she lucky? Would you and your organisation be so fortunate?
Ignoring politics, imagine a different scenario.
- A recently appointed Board member in a regulated global institution is alleged to have breached internal rules.
- They sent confidential and sensitive company documents from a "personal email", inadvertently copying an unintended recipient into the email.
- The Executive self-reported their actions, which they say were a "technical infringement".
- The CEO [HR/COMPLIANCE TEAM] says s/he has "addressed the issue".
What might the Executive or firm be at risk of?
❓An internal investigation?
❓A performance review?
❓Formal disciplinary proceedings?
❓A fitness and propriety re-assessment?
❓A regulatory probe into the firm's data security system and controls?
❓An internal review of usage of work and personal devices?
❓Losing stakeholder and public trust and confidence?
❓A regulatory fine? [FCA/ICO/OTHER?]
❓The sack following a charge of gross misconduct?
❓Could this have been avoided by paying more attention to the particular needs of the new executive – induction training?
Cyber-security training and culture are important for everyone.