Companies having international presence and business must keep in mind the regulatory compliance requirements of applicable jurisdictions as well. The companies located in United States have ignored the laws of other nations for long and they have not realised that they are required to keep in mind the laws of other jurisdictions. Now this indifference or ignorance of U.S. companies has started putting them in legal troubles.
Recently EBay declared that its systems were compromised by crackers in the past. However, just like other companies, EBay also failed to notify about the same to the law enforcement and regulatory authorities and the consumers in a timely manner. All it did was a belated suggestion to change the passwords. As expected three U.S. States are investigating EBay’s cyber security standards and cyber security breach disclosure practices. Similarly, Target Corporation was also attacked by cyber criminals in the past and as a result of that Target Corporation faced litigation threats around the world. Now EBay is also facing similar litigation threats.
U.S. companies cannot hide behind the veil of conflict of laws in cyberspace anymore. No company can know this much better than Google who is facing online defamation case in India and has to comply with the right to be forgotten in Europe. Now the Luxembourg and U.K. data-protection authorities may probe EBay regarding the cyber-attack that exposed passwords and personal information of consumers around the world, including India. Even Indian regulatory authorities may initiative an investigation against EBay to ensure that privacy rights and data of Indian citizens may not have been violated during the cyber breach.
Gerard Lommel, the head of Luxembourg’s privacy watchdog, said the regulator will decide next week whether to investigate the company over the data breach. U.K. Information Commissioner Christopher Graham said in a blog post that he is “actively looking at the situation with a view to launching a formal investigation”.
Luxembourg has already told EBay that it “will expect answers” over the breach. The country’s regulator would take charge of any data-protection investigation because it’s responsible “for all users that have signed a contract with EBay in Europe”, he said. “This is a big deal and we will for sure stay in close contact with our colleagues in other data protection authorities in Europe”, Lommel said. “The first steps will be to see where the risks now are and what the company’s plans are to remedy the situation”.