Think we take security breaches in too lax a fashion? How would you fancy taking embattled BP chief executive Tony Hayward’s place and be publicly slammed for hours on end – only in this case, not for letting millions of gallons of oil leak out of your well, but for letting precious user data go missing or allowed to be misappropriated?
Most sane people would of course immediately see this as a completely horrific and unfair idea. Even some of our American cousins were uneasy at Hayward’s public lynching in front of a highly partisan US Congress last week.
But it’s an idea more or less seriously held by Chris McIntosh, CEO of security device company Stonewood Group. "The treatment the BP guy got was in some ways spot on as arguably the company deserved it," he told CBR. "If there are serious questions around company behaviour, leaders of firms quite rightly must be made to answer them."
Let’s be clear: McIntosh was not being horrible for the sake of it and the image of the CIO being grilled for public amusement was an image we came up with which he responded to. But his agreement that something like this nasty scenario was warranted is basically faithful to his campaign for leaders of firms to be much more severely sanctioned by the authorities for data breaches.
"Something has to be done to raise the awareness of the dangers and penalties around poor guarding and management of sensitive personal data," he says.
The context here is clearly a world where the UK privacy watchdog the ICO is constantly upbraiding organisations, both public and private sector, for hapless incompetence around their ‘custody’ of our most sensitive personal and financial information.
Yes, the ICO as of April just has more regulatory powers and there is at least a notional paper sanction now of larger fines, allegedly up to £500,000 per verdict of negligence.
But no-one yet seems to have taken that much notice and we still seem just as likely to be reading about our public servants practically handing USBs and laptops with the Trident launch codes on them to any passer by or fellow Tube user.
Stonewood says the only way security will be taken as seriously as it ought to be at the tops of companies is if Hayward-style kangaroo trials were more common. That is less likely, perhaps, than other name and shame ‘public information film’ style scary approaches (remember ‘The Spirit Of Dark And Lonely Water’? Donald Pleasance’s greatest part, maybe (shudder)?).
"We brought out a law saying we had to have seat belts but take up was slow, even though it was now the law," says Stonewood, whose firm’s encrypted data stores are used by firms like Ocado / Waitrose, Credit Suisse and SCS Computer Systems.
"It wasn’t until we had national, dedicated information drives around the reasons for seat belts and really pushed to drive up people’s awareness of the issues did we get proper take-up."
It’s a fair point. We do as both as a society and in business culture need to get much, much smarter about data integrity and security – especially as we now live so much on-line and as the coming Cuts can only really work if we as citizens do so much more transactions with government electronically than maybe some of us are used to.
But BP = flavoured BBQs on TV? No one likes that idea. But it may come, perhaps to a Parliamentary Select Committee or something like it, sooner than you think.
And maybe even nastier.
