As a CIO, the buck stops with you for matters pertaining to data breaches and compliance with the notification requirements that follow them.
Most countries today have stringent laws governing data breach notifications. These laws require government bodies, private organizations and individuals who conduct business in any form to disclose any breach of private, confidential customer information by unauthorized third parties.
The penalties for failure to disclose such breaches may be huge. A few years back in the United States, the Federal Communications Commission (FCC) imposed a penalty of close to $10 million against two telecom businesses for holding personally identifiable customer information without adequate security measures. In Australia, the Mandatory Data Breach Notification (MDBN) law stipulates a fine of up to AU$1.8 million on organizations and up to AU$260,000 on individuals who fail to notify customers in case of a data breach. For what it's worth, Australia sees one of the highest numbers of data breaches in all of APAC.
Read more of the CIO.com article by Chris Low.