Willkie Farr Discusses Personal Liability for Executives in the Wake of Cyber Incidents

A new and potentially significant tool in regulatory enforcement is emerging for executives whose companies suffer a cybersecurity incident.  The Federal Trade Commission (“FTC”), in a recently proposed Decision and Order, held James Rellas, the Chief Executive Officer (“CEO”) of Drizly LLC (“Drizly”), personally liable for presiding over the company’s failure to implement and apply appropriate information security practices, which led to a data breach resulting in the exposure of 2.5 million consumers’ personal information.[1]

The decision marks the first time a senior corporate officer has been found to have personal civil liability … Read more