Avoiding negligence claims online
- 10 July, 2012 10:22
It could be an IT executive’s nightmare -- finding out the company website has been hit with a distributed denial of service (DDoS) attack and can’t be accessed by customers. Both customers and management are demanding to know what's happening. And worse still, there is evidence that customer data has been compromised. It's at that time that an IT security contingency plan begins to pay off.
For Middletons partner, Mark Feetham -- who specialises in ICT law -- having a contingency plan in place before the worse happens can help companies avoid loss of business or a potential lawsuit.
“Companies that fail to do any planning to address a DDoS threat may be exposed to a negligence claim if an attack is launched against it which causes a third party to suffer a security breach, data or privacy loss,” he says.
This IT security contingency plan could include taking proactive steps to ensuring that proper logging is configured in all security devices, so that in the event of an attack, the log data can be examined and handed over to law enforcement agencies.
In-depth: Legal issues in the Cloud.
In addition, having a security awareness program developed by the CIO and distributed to all staff members was needed.
“Education and awareness of security threats throughout any organisation is key to minimising threats and reducing risk,” Feetham says. He also warns that companies that use Cloud computing services may also be at risk as a DDoS attack could limit or preclude access by the company to its own data or business applications.
“Organisations considering Cloud computing as an option must carefully balance the issues against any identified cost saving associated with a switch to Cloud,” Feetham says. “Adequate due diligence on a prospective provider and careful consideration of the terms of the Cloud services contract are strongly recommended.”
Gilbert + Tobin's Andrew Hii says any negligence claim following a DDoS attack will be determined by what the company has done to protect its data.
“If the DDoS attack was to stop people from using that website to perform a transaction and those people suffered losses as a result there might be the potential for a negligence claim to be brought against the company,” he says.
Regardless of DDoS attacks, Hii adds that companies should make sure that any Cloud provider they go with has in place sufficient security measures.
“Insuring that any Cloud provider or outsourcer has best practice standards goes a long way to dealing with those risks,” he says, If the negligence case makes it to court, than having evidence which shows the company’s obligation to its customers is essential, according to Hii.
“Record keeping is just as important in any case where a company may be exposed to this kind of liability.”
This article and the comments within it should not be construed as legal advice. Follow Hamish Barwick on Twitter: @HamishBarwick
Follow CIO Australia on Twitter: @CIO_Australia
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- HTC unveils new Butterfly s phone that packs more battery life
- Google Glass apps for enterprises coming by early 2014
- iPad 5 rumour rollup for the week ending June 18
- Say 'cheese', Earthlings! Spacecraft to snap home planet pic from deep space
- Social media adds spice to financial services, say banks
Samsung Galaxy S4 vs. HTC One: 5 Reasons to Choose the GS4
High school students still see ICT as ‘sitting at a computer all day’: survey
Does encryption really shield you from government's prying eyes?
Solving the skills conundrum – part 1
"How many of the Fortune 500 companies have access to PRISM? https://en.wikipedia.org/wiki/Industrial_espionage ..."Australia suspected to have PRISM data: Ludlam
Customer Success - Slater & Gordon Lawyers
Lawyers work hard, and they work fast. Any activity that takes their focus away from the task at hand represents lost productivity and lost revenue. Slater & Gordon Lawyers needed to filter spam and email-borne malware and provide high availability for email. Results from the business solution they chose include 250 hours of IT staff time reclaimed annually for other tasks, long delays in email delivery alleviated, reduced email-related storage costs, and email failover to the cloud in minutes, avoiding hours-long outages. Find out how they got these results.
Six Reasons to Empower Your SharePoint Citizen Developers
More and more business applications are being created by “citizen developers” - end users who are not IT developers but who create solutions for themselves and their groups. This white paper explores six reasons to embrace citizen development in an intelligent way that minimises risks and maximises the return on your SharePoint investment. Read now.
How the Cloud Changes the Game for Line of Business Managers in Midsize Companies
It can be argued that what distinguishes midsize businesses most from large and small companies is not size, but attitude. While attitude alone cannot mitigate the challenges faced by midsize businesses, technology can help. And no technology offers more promise than the cloud. This paper, explores midsize business challenges from the perspective, not of the IT department, but of the line of business managers they support. Read on.