Jail Time for Data Breaches?

We were at lunch with a customer the other day and started talking about various privacy initiatives and upcoming regulations such as the California Consumer Privacy Act (CCPA) and some of the impacts of GDPR. The conversation turned to a lesser-known data privacy regulation, the Cayman Islands Data Protection Law (DPL), which recently went into effect on September 30th, 2019.

The interesting aspect of the DPL is that it can carry a penalty of jail time in the event of a data breach, along with a requirement to notify affected parties of the data breach within five days (slightly longer than the 72-hour GDPR notification requirement). Since this customer has some significant assets located in the Cayman Islands, the DPL has become a very relevant discussion point in terms of addressing risks for their client data at the executive and board level.

We had a bit of a laugh about who was going to raise their hand at the board level to do time, but joking aside, it does open the dialogue for the risks around data breaches and who is ultimately responsible. While I don’t think that jail time would be mandated in most cases unless there was some egregious mismanagement, it shows that the regulations are getting some more teeth. And just this week, Ron Wyden proposed jail time for CEOs in a US Privacy bill as detailed in this Infosecurity Magazine article.

We’re also seeing this translate into a certain amount of hesitance or trepidation from folks who may be in line for the Chief Data Officer (CDO) or Chief Privacy Officer (CPO) roles. After all, penalties and percentages of revenue are one thing; extended liability and prison time are clearly on a different level.

At Baffle, we’ve worked to simplify encryption and data protection, so that compliance gaps can be shored up in an accelerated fashion and our customers are seeing those benefits. The solution today is protecting over 13 billion data records in production and growing. Schedule a demo with one of our security architects to learn how we can help protect your company’s data.
