[...] Third, remember the private sector owns and runs most of the infrastructure. So they must have the incentives to improve their own security. For example, businesses need proper risk management, to assess and mitigate risks. Of course - despite these measures - breaches, incidents or attacks might still occur. And if so, we'll still need safeguards. Prompt reporting means competent national authorities can react quickly to incidents, and minimise their impact. Such an obligation to notify security breaches already exists for the telecom sector. It should also encompass other sectors relying on critical information infrastructure, like energy, water, finance and transport.
The private sector should be treated with sticks as well as carrots. Currently a private company can merely apologise and change their Terms and Conditions on the fly for hacking citizens' data (Path for instance, uploading entire address books), yet when a citizen attempts the same thing, they are put in prison or extradited to foreign lands. This is a very VERY uneven playing field. We need safeguards and adequate PUNISHMENTS for business. We need executives being put in jail for the hacking their companies conduct, just like ordinary Joe Citizen gets put into jail for hacking. We need companies fined a large proportion of their revenues when they are found to have broken both the letter and spirit of our laws. These are the sticks which need to be enshrined so business realises its responsibilities.
A.Wood.B.Maven, 21/03/2012 18:53