The Growth of Cybersecurity Common Law Liability
Over at Security States, I have a post entitled "When Companies Are Hacked, Customers Bear the Brunt.
Published by The Lawfare Institute
in Cooperation With
Over at Security States, I have a post entitled "When Companies Are Hacked, Customers Bear the Brunt. But Not for Long" that details two recent Federal cases in which service providers were found potentially liable for tort injuries arising from their alleged cybersecurity negligence. Here's the opening:
One of the steps (or at least possible steps) along [the] continuum is the development of a common law doctrine of tort liability for consequential damages caused by inadequate or negligent cybersecurity measures. Legal developments in this area are hesitant and incomplete, but two recent decisions from the federal courts of appeals point the way toward the development of this doctrine. The cases both involve third party liability—that is, liability of a service provider to third parties for damages caused by the provider’s alleged negligence—and are a step short of the product liability doctrines that would be inherent in software design claims. So, the recent cases are of modest immediate importance—but they may be harbingers of the future.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.