A UK High Court has held a company liable for the actions of an employee that leaked employee data in an attempt to harm the employer. This is a precedent setting case as it was not found that the company itself was at fault for handling their data. With the onset of GDPR next year, this ruling could signal the way the court would rule in other cases regarding data breaches. Robert Capps, VP and Authentication Strategist at NuData Security commented below.
Robert Capps, VP and Authentication Strategist at NuData Security:
“This unprecedented ruling by the UK High Court is a stark warning for businesses embroiled in data breaches. It raises the stakes involved since the company can still be held liable for the actions of one disgruntled employee and means, more-so than ever, the current measures in place for organizations to stop the damages from data breaches need a radical overhaul. Companies have the burden of making sure there are no vulnerabilities in their system, including those weaknesses employees can take advantage of. For this, changing the value of the data stolen could help discourage external and internal bad actors. Combining authentication techniques with more secure forms of online authentication such as passive biometrics will drastically reduce the value of the leaked data downstream after the breach, helping to keep organizations and customers safe from the disastrous fallout from a data breach.”