The Consumer Data Security and Notification Act amends the Gramm-Leach-Bliley Act to require financial institutions to disclose security breaches. Cybersecurity rules similar to California's Notice of Security Breach Act, covering institutions that maintain personal information, have also been introduced.
The Information Protection and Security Act requires that data brokers "ensure data accuracy and confidentiality, authenticate and track users, detect and prevent unauthorized activity and mitigate potential harm to individuals".
At present the bank is under considerable pressure from the government, clients, and the media. The bank therefore has to make a wise decision that takes all of these factors into account, so as to minimize the effect of the breach and avoid damaging its reputation in the market.
Because personal data such as contact numbers, credit card numbers, account details and even recent transactions has been stolen, this is, under intellectual property law, a massive breach for an organization or even an individual, and a criminal offense that must result in the prosecution of the guilty.
The legal obligations and regulations call for the following. First, to emphasize the importance of enabling cybersecurity information sharing. Secondly, to report the data breach to consumers if their personal information has been compromised, so that consumers are aware of when they are in danger of identity theft.
So, in the above scenario, the bank is bound by these obligations.
In the above scenario, the bank's ethical and professional responsibility is to disclose the breach and its impact to its customers transparently, so that customers can take proper action to avoid damages (both personal and monetary). Doing so also shows the bank's honesty and loyalty to its customers and proves that it is professionally and ethically sound.
The CEO's suggestion seems to be a legitimate one for preventing criticism of the bank from the government, customers and media. It would also reduce the reputational damage the bank would face if it disclosed all the information related to the breach. But as we know, the CEO is faking the facts, and the truth is that all the information has been breached. So, in the long term, hackers may post more data about the customers, and sooner or later everyone will come to know that the bank lied about the information breached. If this really happens, it will lead to legal action against the bank officials and to the closing of the bank.
The alternative solution can be to disclose all the breach information to the customers and fabricate some facts (real and virtual) for the media and government, so that the reputation of the bank is not spoiled to a large extent.