Can an organization be held liable for the failure of another organization to provide adequate cyber-security of protected information?
Absolutely. Liability can exist under a number of established legal duties owed to a damaged-victim. Your organization may owe a duty to warn of the risk, or a duty to supervise or manage another organization to comply with FISMA, or a similar duty. Your organization may have access rights to the protected information stored and maintained at the other organization and thereby be jointly responsible for the security of the protected information. These are just a few examples. An expanded discussion of this subject is available. See the Home page, click on the “Cyber Security Report.”