The government's proposals to tackle online harms have propelled internet safety up the corporate risk register, and organisations should be taking early measures to ensure they are prepared and up to date, according to Airmic and BLM in a joint report released last month.
In April, the government announced a consultation on its Online Harms White Paper, which sets out the government's plans for a world-leading package of online safety measures aimed at protecting society and individuals. Key recommendations include:
- A new statutory duty of care for companies to take more responsibility for the safety of their users and tackle harm caused by content or activity on their services;
- An independent regulator with a suite of enforcement powers to oversee and enforce compliance with the duty of care. The regulator could have the power to levy substantial fines on companies and impose liability on individual members of senior management.
The current proposals represent the "first step" on a journey that "could be a thousand miles", according to Airmic and BLM's paper, which provides members with information on the purpose and process of the legislation and offers advice on how they should approach this subject internally. Nevertheless, the "sheer scope" of the proposals is likely to "redefine the relationship between the government, the UK population, social media itself and the businesses which form part of its DNA," it notes.
Regardless of whether the new duty of care materialises as intended, or regulation proves as punitive as may be suggested, even a new self-regulatory environment will give rise to new risks, the report warns. Drawing parallels with GDPR preparations, it suggests that organisations may wish to consider appointing a "Harm Officer" to ensure they are fully prepared.
The government's consultation on its White Paper closed in July. Airmic wrote to the government in support of establishing in law a new duty of care towards online users, but urged clarity on the scope of the proposed legislation and warned against "mission creep" and "unintended consequences". The association believes there should be a "balanced approach" that recognises the need for some new regulation alongside other measures, including education and an element of self-regulation.
Although the legislative process has a long way to go, Airmic and BLM believe that organisations should already be taking initial steps to understand how they may be affected. These include:
- Familiarise yourself with the government proposals and consider whether your organisation is likely to fall "in scope";
- Use a multifunctional team (including legal, HR, IT, compliance, and risk and insurance) to consider the implications of your organisation being "in scope";
- Consider how it may touch other stakeholders, including your supply chain;
- Consider creating a single point of contact with responsibility for dealing with the new regulatory regime;
- Consider to what extent your content and activities fall within scope and whether you wish to continue providing them;
- Under the leadership of your Data Protection Officer, carry out a risk assessment, similar to a Data Protection Impact Assessment (DPIA), to get a clear idea of which activities may cause "online harm";
- Map insurance cover to identify any gaps in coverage and any coverage which may protect your organisation from future claims relating to "online harm", as well as clarifying the scope of cover for regulatory fines;
- Monitor developments and brief your C-suite and board.
Click here to register for Airmic's Online Harms webinar on 18 December, 3pm.