Fines key attention to data privacy from boards, says ICO head

Businesses don’t do things “because it’s the right thing to do”. They need to be driven into compliant behaviour. The threat of fines or other legal action focuses the board on “doing the right thing”…:

The threat of fines has done more to focus boardroom attention on data privacy and effective cyber-security than any other measure, says the head of the U.K.’s data regulator.

Elizabeth Denham, the U.K.’s information commissioner and chair of the Global Privacy Assembly, a body that aims to coordinate best practice and enforcement among data regulators worldwide, believes without the threat of significant fines, executives would simply not bother thinking of privacy—and particularly cyber-security—as a risk issue boards should be concerned about.

“Fines get directors’ attention, drive better behavior, and are an invaluable tool for any regulator,” Denham told attendees Tuesday at a Webinar on the need for privacy regulation organized by the International Association of Privacy Professionals. “How can you regulate without fines?”

[…]

Original article