Executives Must Get Down and Dirty with Cyber Security Daily Journal
By Hsiao (Mark) C. Mao & Jonathan H. Yee
Corporate executives often delegate cybersecurity matters to lower management. In the age of high-profile breaches, however, this is risky. There is increasing scrutiny of all involved in the collection, handling, processing, safeguarding, use and destruction of personally identifiable information (PII). Until there is greater clarity in the law, executives may benefit from participating directly in the selection of the technological, physical and administrative safeguards of their organizations.
The Federal Trade Commission demonstrated that it is not afraid to take executives to the mat in FTC v. Kristy Ross, 897 F.Supp.2d 369 (D. Md. 2012). There, the FTC alleged the executive, Ross, and her company tricked consumers by claiming that a scan of their computers had revealed viruses, spyware, system privacy issues and pornography – prompting consumers to purchase security software. After advertising networks began to receive complaints, the defendants allegedly continued to advertise using sham names.