Should executives be held responsible for data breaches?
Equifax CEO Richard Smith Steps down amid hacking scandal
On 27 September, it was announced by the Board of Equifax that CEO Richard Smith amongst other executives had stepped down from their roles following the disclosure of a hacking scandal. It was alleged that the perpetrators gained unauthorised access to sensitive personal data held by Equifax, including social security numbers, birth dates and home addresses. Over 143 million Americans were exposed – nearly half the country’s population.
It was alleged that the hack was possible because Equifax failed to act on warnings to fix a software security problem.
Law Reform: Should executives be held accountable?
The story has been attracting attention for a reason other than just privacy breach. Those who were responsible face the prospect of walking free. Smith would be able to enjoy his retirement that includes a large pension and other executives would have the benefit of keeping the profit from the sale of stock that they transacted before publicly announcing the breach.
The policy question remains: is it fair for executives to walk free in the face of damage done to millions of Americans?
This was the subject of intense debate in the US Congressional Hearing in Washington which Smith attended on 3 October 2017. Many were of the view that it was not justified that executives not only avoid the repercussions but were able to leave with all the benefits. Sen. Elizabeth Warren pushed for legislative reform that penalises executives and companies that fail to take reasonable measures for cybersafety and that result in public harm.
On the other hand, Smith maintained that punitive measures are not ideal given that the company plays a ‘vital role in the economy.’
Whilst the Equifax hacking incident is primarily focused on accountability of fault-bearing executives, another message is clear. In today’s technologically advanced society, hackers are finding more and more ways to access private information. Therefore, especially for data-holding companies, this calls for more advanced countermeasures as well as tech-savvy personnel to reduce the risk of such occurrences taking place.
Let us know your thoughts on the Equifax scandal as well as the frailty of privacy by tagging us #lawpath or @lawpath
Tony is a legal Intern at Lawpath who is working with the contents team to provide legal insight for SMEs. With an interest in contract and business law he is currently completing his Finance and Law degree at the University of New South Wales.