Just about every day there’s news of a different company getting hacked and customer information being stolen, but now those companies could also face a fine.
A U.S. appellate ruling this week allows the government to fine businesses with weak security practices that fail to protect their customers.
“If they’re deficient there should be sanctions,” said Richard Parry, an international fraud risk and solutions specialist and principal at Parry Advisory.
A federal appeals court ruled the Federal Trade Commission now has the power to take action against companies that don’t secure their networks.
“I think it’s fundamentally good if it holds organizations to comply with generally accepted standards and practices,” Parry said.
The decision comes after the FTC originally sued Wyndam hotels in 2012 after the company’s worldwide system was hacked three separate times between 2008 and 2009. This resulted in $10.6 million in fraudulent charges and affected more than 600,000 customers.
Since then the hacking threat has seemingly only gotten worse, as a string of businesses have tried to recover from the hacking and stealing of highly-guarded internal information and most importantly, customers’ private data.
“We live and die by data,” Parry added. “That same data facilitates our lives.”
Just last week hackers published the private data of customers of Ashley Madison – a dating site for married men and women who cheat on their spouses. The data breach exposed more than 37 million users.
“Events like Ashley Madison may force us to have new conversations about our privacy and whether indignation about our privacy is appropriate,” Parry said. “Or whether new models of identity identification and credentialing are appropriate.”
Users of the website have filed four separate federal lawsuits – in California, Texas and Missouri –against Ashley Madison.