
The legal side of cyber security

Written by Sam O'Toole on 25 August 2015


It has been held in the case of Federal Trade Commission v Wyndham Worldwide Corporation that failing to encrypt credit card information, or using passwords that are easy to guess for remote access to systems, is to be considered an unfair trade practice. The US appeals court confirmed that the Federal Trade Commission, under the Federal Trade Commission Act 1914, has the authority to pursue companies that have inadequate cyber security.

In that case, hackers breached Wyndham Worldwide Corporation's systems three separate times, and the Federal Trade Commission sued, alleging that the poor cyber security was an unfair trade practice. One example of the alleged unfair trade practice is that the username and password were both ‘micros’. It gets worse when we learn that ‘micros’ is the name of the remote access software that was used.

With the recent leaks of personal data, such as the details of Ashley Madison users, cyber security has never been more important.

In the UK, businesses should be aware of their legal obligations in relation to cyber security. The data controller of a business must comply with the Data Protection Act 1998; this includes the provision to inform the individual if the data is being processed by or on behalf of the data controller.

Businesses that are authorised by the Financial Conduct Authority have rules to follow. These include establishing and maintaining effective systems and controls, adequate risk management systems and strict reporting requirements.

The Privacy and Electronic Communications (EC Directive) Regulations 2003 provide that public electronic communications service providers must take appropriate measures to safeguard the security of their services. If there are any breaches, the Information Commissioner's Office must be notified.

If your business needs help understanding the legal and regulatory requirements of cyber security, then do not hesitate to get in contact with Lawdit. 

If you'd like to know more about this article, please send an email to Michael Coyle quoting the article title and any questions you might have. Alternatively, call the office number on 02380 235 979 or send an enquiry through our contact form.
