The legal obligation to report of IT security compromises presented at ITWeb 2014

by David Taylor,

Summary : Privacy legislation, stock exchange rules, and contract and common law all place obligations on companies to report security compromises. The Protection of Personal Information Act, for example requires that businesses report any ‘accessing’ or ‘acquiring’ of personal Information by any ‘unauthorised person’. What does this mean and how does it work? What is ‘unauthorised access’ from a legal and technical perspective? When must companies report IT security compromises, what must they report and to whom? This presentation will explore and discuss all these questions and more. less