A recent U.K. court ruling means that organisations can be held liable for breaches of personal data, even if the act was malicious and the company could demonstrate that it had suitable controls, policies and procedures in place to protect that information.
Organisations can also be held legally liable for malicious breaches and data hacks even if the regulator believes that no harm to anyone has occurred as a result.
