Every time a large organisation reports to the public that they suffered a breach of data, it is always followed by the same standard response:-
We are sorry for the breach, and
We are investigating and are taking steps to mitigate future similar breaches
It is time that organisations offered more than an apology because the public is beginning to ask whether enough were being done by organisations to protect their customers data.
These organisations, in fact every of them, owes a duty of care to their customers when they asked for the details of these individuals.
Announcing that remedial actions will be taken e.g., contacting the individuals concerned, setting up helplines to provide assistance to those affected and announcing that the organisation is reviewing current data protection procedures and implementing best practice training courses will always fall short for the individuals whose personal details were breached.
The public in the western countries are now looking for organisations to address and tackle the real issues on why such breaches happen.
Was it because of human error? Survey and research has confirmed that majority of breaches are due to human error. If so, why these organisations did not take a proactive approach to address it by putting measures to prevent or minimise a breach from happening in the first place. Organisations should take this results as a wake up call.
Is it because organisations perceived this as too hard to mitigate and rather invest in technology? If so, these organisations failed to understand that technology goes beyond simply applying control but requires understanding and adoption by end users.
In the US where legal eagles will pounce on any opportunity to initiate class actions on behalf of potential plaintiffs, we would not be surprised to see in the near foreseeable future such class actions being filed against organisations that suffered a breach of their customers data.
This scenario is not impossible and could likely happen soon and when it does happen, organisations would have to say more than sorry to their customers for any breach as being done currently.