Government's online harms proposals put spotlight on personal liability for senior management
The UK government's proposed new regulations to fight illegal and harmful activities on the internet could have significant implications for risk managers, according to Airmic.
Last month, the government announced a consultation on its white paper, Online Harms, aimed at protecting society and individuals. Key recommendations include:
- A new statutory duty of care for companies to take more responsibility for the safety of their users and tackle harm caused by content or activity on their services;
- An independent regulator with a suite of enforcement powers to oversee and enforce compliance with the duty of care. The regulator could have the power to levy substantial fines on companies and impose liability on individual members of senior management.
"Internet safety is a serious and growing concern and it is right that businesses should play their part in tackling this issue," commented Airmic's technical director and deputy CEO, Julia Graham. "The government wants to encourage businesses to develop a culture of transparency, trust and accountability, which is something Airmic absolutely supports."
There are, however, several important questions unanswered, she added, including to which organisations it will apply and how "harms" will be defined. "Organisations no longer fit neatly into internet and non-internet firms so these distinctions are important."
The government is effectively putting the spotlight on decision makers in relevant organisations, which could have significant implications for risk and insurance managers.
A key question from an insurance stand point will be how the proposed law applies to individuals. Eleni Petros, FINPRO UK head of innovation Marsh JLT specialty, explains: "Laws such as the Bribery Act and proposed Data Protection Act make senior managers and decision makers liable if they have "connived" or "consented" to the offence.
"It is possible that the same sort of approach will be taken here, meaning that if a senior manager is aware of the publication online of internet harm, he or she could be prosecuted if deemed to have "connived" or "consented" to the offence. Individuals could face fines or a jail term."
In terms of insurance, it is not yet known if the government will propose civil or criminal penalties for decision makers, she added. "It is possible to insure the former but not the latter. However, defence costs are insurable under a D&O policy."
Risk managers should stay abreast of these developments, especially those in potentially relevant sectors, advised Ms Graham. "As the government itself has stated, this is a complex and novel area for public policy. Risk managers should be reviewing their policies and procedures, and asking whether they are taking effective steps to keep users safe online and whether rules and norms discourage harmful behaviour.
"It is clear that the government wants the UK to lead the way internationally and to promote a culture of continuous improvement among companies, rather than just complying with minimum requirements. Organisations should therefore take a proactive approach to this subject."
Airmic will respond to the government's proposals after a consultation with its members, which will include a member roundtable to discuss the design of the new regulatory framework and non-legislative package, as set out in the White Paper.