Data Integrity Preservation and Identity Theft Prevention: Operational and Strategic Imperatives to Enhance Shareholder and Consumer Value
Kevin H. Govern
Ave Maria School of Law; California University of Pennsylvania; John Jay College
John I. Winn
Risk Management and Corporate Governance, Abol Jalilvand and A. G. Malliaris, ed., Routledge, 2012
Given the current risk environment, businesses are obligated to do their utmost to protect systems and ensure consumer confidentiality. Unfortunately, even the prudent and vigilant business entities may still be susceptible to data theft or other outside system intrusion. In this respect, sound corporate governance should include some degree of planning and preparation for worst-case scenarios.
There are several fundamental questions that every business should consider in order to effectively prepare for a breach of cybersecurity and ensure the integrity of stored data. For instance, in the event of a major system compromise, who bears the cost of system restoration or reimbursement? What about negative publicity, loss of goodwill, and lawsuits? What constitutes due diligence before and after a data compromise? What steps should management consider post-breach? What are the legal consequences to our business, customers, and other stakeholders, and should we purchase cyberinsurance?
This chapter seeks to provide answers to those questions, as well as to offer valuable suggestions for both individual private consumers and business entities on how to best protect electronic information. The first section of the chapter, “Part I,” addresses current infrastructure risks and the challenges associated with cyber insurance underwriting. The next section, “Part II,” will attempt to summarize the increasingly complex legal and regulatory landscape inherent in preserving data integrity and preventing identity theft. Finally, the last section, “Part III,” of this chapter will address the concept of “due diligence” and emphasize the importance of postbreach best practices that seek to protect revenue streams and customer goodwill while minimizing business disruptions and legal liability.
Keywords: Risk management, corporate governance, data integrity preservation, identity theft prevention, operational imperatives, strategic imperatives, shareholder value, comsumer value, cyberspace, cybercrime, cyberwarfare
JEL Classification: K10, K42.L14, L15, L20. L21, L50, L52, L86, L96, M10, M11, M50, M51, O30, O31, O32, O33, O34, P41
Date posted: August 14, 2012