
Compliance Alert: Employee carelessness causes most data breaches

At a Financial Industry Regulatory Authority Conference last month, regulators reportedly stated that they consider companies liable for breaches notwithstanding the types of technical or security models followed, regardless of whether the regulatory model placed the responsibility on the company or not.

While companies may not be pleased to hear about the additional or confirmed scrutiny by U.S. regulators, there may be some overall benefits.

For example, if a company was previously hosting data using a combination of different technical models in order to potentially avoid or minimize liability under U.S. regulations, it may now consider going with a single type of cloud-based model. This could potentially save a company a lot of money from an operational and technical perspective.

The message from U.S. regulators is clear that it is vital for organizations to have (and continue to ramp up) training and education around data privacy and security within their organization so that all employees and third parties are aware of the risks and potential exposure.

Increased security awareness and training have both short- and long-term benefits. According to Infosec Resources, a recent study showed that over 80 percent of breaches are caused by employee carelessness. Not surprisingly, an educated staff not only increases compliance but also reduces error, since trained employees are less likely to make mistakes.

This is another great example of how the worlds of security and technology are colliding with legal and compliance initiatives. However, what is arguably more important is the potential outcome of increased collaboration across departments within organizations as a result of the continued pressure from regulators on data privacy.

Cross-department collaboration within an organization is really the key to effectively approaching the various elements and complexities involved in managing data privacy, and the message of accountability across the board with respect to the players involved in those elements pushes companies towards this approach. It is something all compliance professionals advocate for, but oftentimes struggle to enforce.

The message from regulators and the dynamic structure of cloud-based systems in general provide opportunities for compliance professionals to work closely with technical departments to ensure alignment with cloud-based models that apply to due diligence screening tools, monitoring systems and any other programs used for purposes of running compliance programs. Further, it gives organizations a vested interest in having compliance work with both technical and human resources departments to ensure effective security training is implemented for employees and third parties. Perhaps this could lead to further collaboration in other projects and areas of an organization.

Beyond that, the other question the message from U.S. regulators begs is — will this bring us closer to a harmonized approach between the United States and EU?



1 Comment

  1. There will be only one way to harmonize financial crimes:
    “The United Nations declare that any attempt to tax avoidance is a crime where all the parties involved (corporate leaders and related boards, financial institutions, lawyers, accounting institution & alter) will face substantial legal judiciary consequences including jail sentences and revoking business licences.”
    Money is a good teacher on many problems!

    Mario Hakulinen
    Global Village resident
