In a blogpost for the U.K. Information Commissioner’s Office, Nigel Houlden, head of technology policy, wrote about the impact serious security flaws will have for data controllers.
Drawing upon Google’s Project Zero blog post detailing the security flaws posed by Meltdown and Spectre, Houlden said the ICO “strongly recommend[s] that organisations determine which of their systems are vulnerable, and test and apply the patches as a matter of urgency.
Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act is serious enough to warrant a civil monetary penalty.”
In the post, Houlden said implementing a privacy-by-design approach would help mitigate potential attacks.