Prosecuting directors for information security failures

I’ve been of the view, for some time, that effective corporate information security will only come to pass when company directors are prosecuted, fined and jailed for failures to implement and maintain effective information security management systems.

Here are two stories that rather illustrate the point:

And it’s all actually quite straightforward – implement ISO 27001, obey the Data Protection Act, and have happy customers, staff and regulators!