Ignorance is no Defence for Failure to Encrypt
“In 2018, it is staggering that many businesses still do not encrypt their data, especially when the data is travelling
across public networks. Large data breaches are becoming the norm around the world. At least once a week we hear of a
significant data breach. Whether that be a breach of consumer data such as the Apple iCloud Breach in 2014; or national
security secrets such as in November 2016 an Australian defence supplier’s loss of the F35 Joint Strike Fighter and
other defence aircraft project information; or stolen business intellectual property, such as the leaking of Game of
Thrones episodes from HBO just last year. The fact is far too little data is encrypted and at a time when data breaches
are on the rise!”
“This notification of a consumer data breach puts the company, executives and its directors on notice – not just under
the Australian Privacy Act, but under corporations law and civil litigation. Unencrypted data is now just a lawsuit and
prosecution waiting to happen as consumers and businesses, whose data that has been accessed, are looking to the courts
to seek financial compensation for organisations negligent behaviour. In the USA, class actions are being prepared
against organisations and their executives. Of greatest concern to executives and directors is that it is not the
organisation alone held responsible, but its board of directors and executives are personally accountable and liable.”
“Data privacy security regulations are no longer just a compliance issue, nor are they just a privacy issue, they
involve financial and reputational damage caused by poor security practices. But what is not as well known is that
corporate law, in most jurisdictions, places substantial requirements on directors and executives to exercise due
diligence which encompasses cybersecurity. Board members and company executives are being placed on notice to ensure
they are doing all they can to ensure the privacy of their customers’, suppliers’ and partners’ data and their own
intellectual property and business data, such as encrypting sensitive data.”
“Today, company directors must ensure their business is encrypting all the sensitive data they handle, and ignorance
will no longer be an acceptable defence.”