FTC Brings Action Against CEO of Alcohol Delivery Company Over Data Breach (washingtonpost.com) 7
The Federal Trade Commission plans to take the rare step of bringing individual sanctions against the CEO of alcohol delivery company Drizly for data privacy abuses, following allegations that the company's security failures under his watch exposed the personal information of about 2.5 million customers. From a report: The proposed order will follow Drizly CEO James Cory Rellas to future businesses, requiring him to implement a security program at any companies he runs that collect information from more than 25,000 people. The order will also apply to the company itself, which is now a subsidiary of the ride-hailing service Uber. Under the terms of the FTC action, Rellas and Drizly will have to destroy unnecessary data, implement new data controls and train employees about cybersecurity.
In singling out Rellas, the FTC signaled it could use a wider range of tools to address data privacy abuses under the leadership of chair Lina Khan, who was widely expected to bring tougher oversight of the tech industry. The inclusion of Rellas follows a push from Democrats to more aggressively penalize individual executives involved in major data privacy breaches. Democrats on the commission previously criticized the agency's record-setting settlement with Facebook over the Cambridge Analytica data scandal because it did not name Facebook CEO Mark Zuckerberg.
In singling out Rellas, the FTC signaled it could use a wider range of tools to address data privacy abuses under the leadership of chair Lina Khan, who was widely expected to bring tougher oversight of the tech industry. The inclusion of Rellas follows a push from Democrats to more aggressively penalize individual executives involved in major data privacy breaches. Democrats on the commission previously criticized the agency's record-setting settlement with Facebook over the Cambridge Analytica data scandal because it did not name Facebook CEO Mark Zuckerberg.
At some point (Score:5, Insightful)
CEOs and other executives will be held criminally liable for actions their companies take. Imposing fines just isn't working since it's just the cost of doing business.
Re: (Score:3)
That has been my option for a long time. Simply imposing fines doesn't do squat. When laws are broken by a corporation that would send a normal prison. Ca
Case in point, the Exxon Valdez. If you or I had dumped 18 million gallons of oil into a protected sanctuary our asses would still be sitting in prison. An rightfully so.
Exxon on the other hand got a big fat ass fine that they got to pay over years, and nobody of any consequence went to prison. Evern the captain's conviction was overturned and
Re: (Score:2)
Re: (Score:1)
That's only for CEOs of small businesses. It will be a cold day in hell when a big bank CEO sees personal liability for anything company related.
Re: (Score:2)
Always the fault of some low-level engineers
Re: (Score:2)
CEOs and other executives will be held criminally liable for actions their companies take. Imposing fines just isn't working since it's just the cost of doing business.
This is exactly how it SHOULD work. A corporation is no more than a business entity controlled by a board of directors, if they were all held personally responsible for any and all actions taken by the corporation I think you'd see a lot more white collar whistle blowers weeding out the bad seeds.
IT staff needs PE powers so they can tell PHB fuck (Score:2)
IT staff needs PE powers so they can tell the PHB to fuck off when they try to rush deadlines / make them push out unsafe code