Share This Article
 |
| Privacy breach can trigger criminal sanctions also for companies |
The Italian criminal corporate liability regime for companies has been extended to privacy-related crimes, cybercrimes and credit card theft according to a law decree just passed by the Government.
ย
As previously reported, Italian law provides a very detailed regime of criminal liability for companies that works in parallel with the personal criminal liability regime for the individuals (e.g. directors, managers etc.) responsible in a company of the actions that caused the crime.ย In this respect, the extension of the criminal corporate liability regime especially to privacy-related crimes might have a considerable impact on companies’ operations.ย
ย
Indeed, privacy compliance hasย oftenย been considered as a mere cost that might be postponed, but, as a consequence of this regulatory change, it could be reach the top of the priorities list of managing directors of both Italian companies and foreign companies with Italian operations to which such liability regime could be extended.ย This is not only for the applicable fines that are up toย โฌ 774,500, but also because such sanctions are accompanied by the suspension or termination of public licenses such as gaming licenses and by the prohibition of advertising company’s products or services which consequently would block the entire operations of a company.
ย
The sole available defense to the risk that such crimes are challenged is first of all to perform a privacy compliance audit so that it is possible to identify the areas of lack of compliance and perform the necessary changes to align the activity of the company/group with the requirements provided by Italian privacy law.ย
ย
Once this is performed, Italian corporate criminal law requires to adopt an internal corporate model of organization and management of the company (or of the group if more companies are involved) aimed at preventing the performance of crimes for which corporate criminal liability can arise which include not only privacy related crimes, but also for instance corruption and IP rights breach, and the Government is continuously extending the applicable list of crimes.ย Such internal corporate model of organization shall, among others, provide for:
- the identification of the potential risky areas/persons and their modalities of operation;
- the implementation of an appropriate internal monitoring system to exclude/limit the potential risks; and
- the appointment of an Audit Entity that shall monitor the proper adoption of the model.
Some companies/groups are becoming aware of the relevance for their business of privacy compliance, but this change might speed up their decision process. In this respect,ย free to contact me,ย Giulio Coraggio, to discuss. Also follow me onย Twitterย and become one of my friends onย LinkedIn.
ย
Image courtesy of Flickr by Sean McEntee
ย
(Visited 1 times, 1 visits today)
