Every company has digital duties of care
Wednesday 05 April 2017 Today a guide on this topic for businesses is being published from the Cyber Security Council to the cabinet.
Every organization has the duty to – to some extent – take into account the interests of others, especially when the other is a more vulnerable party. This so called ‘duty of care’ also exists in the area of ICT. The Cyber Security Council (CSR) has observed that applying duties of care is complex, while at the same time it plays an important role in increasing the cyber security level of organizations.
That is why the CSR has handed over the ‘Cyber Security guide for businesses’ today to the cabinet. To give a better view of the duties of care that apply in the current legislation. Besides an exposition of different duties, also examples are given and a checklist about how these duties can be incorporated in daily practice. You can find the guide here.
The main message is that every company that uses ICT has duties of care in the area of cyber security. This duty of care touches both companies and consumers. The correct use of duties of care lies with the administrative level of an organization, or (with smaller companies) with the director.
A better completion of these duties of care by Dutch business is one of THE elements to make sure the Netherlands remains a ‘safe place to do business’ digitally. An inseparable part of this is the attention for privacy: ‘privacy is a licence to do business’.
CIO Platform Nederland
The CIO Platform Nederland has actively contributed in making this guide and sees the guide as a steady step towards a more balanced relationship between customers/users of ICT and the suppliers of ICT. We will organize a few meetings this year for our members and other ICT-users to talk about this. In this, we will work together with Nederland ICT, the association for ICT-suppliers.
On the radio
Today our chairman Marcel Krom (CIO PostNL) is questioned on BNR news radio during the 'BNR business' program on this topic: cyber crime and duties of care. Marcel responds to the statement that the Dutch business community does too little to cyber security and that the guide can ensure that a minimum level of system security is delivered.
Listen to the complete fragment here (in Dutch).