The assignment of key personnel to oversee privacy and security issues is a great way to proactively address problems and maintain consistent practices throughout a product’s lifecycle. For large companies, there might be multiple people whose primary role is to protect privacy and security, including a chief privacy officer and/or chief information security officer, a dedicated privacy group, and specific members of each product team focused on privacy issues. But even two-person startups can benefit by making sure that someone is specifically responsible for thinking about privacy and security issues so that they aren’t ignored until it’s too late.
Target was hit with a class action lawsuit and widely criticized for its inadequate security practices after hackers stole credit card and sensitive personal information about tens of millions of customers.
Target failed to heed several warnings from its security monitoring tools specifically designed to detect an intrusion as information "gushed out of its mainframe." Security officials noted that the company’s lack of a Chief Security Officer and "security-oriented culture" rendered it incapable of adequately responding to the incident. As a result, Target’s profits and consumer trust dwindled while it incurred lawsuits and costs that "could run into the billions.”