Has responsibility and accountability been assigned for IT security and data privacy?

As a business, there should always be someone in place who is designated (and qualified) as the IT Security Officer (ISO).