Cybersecurity, Identity Theft, and the Limits of Tort Liability: Difference between revisions
(New page: ==Full Title of Reference== Cybersecurity, Identity Theft, and the Limits of Tort Liability ==Full Citation== Cybersecurity, Identity Theft, and the Limits of Tort Liability (bepress Le...) |
|||
| Line 26: | Line 26: | ||
Outline: | Outline: | ||
I. The Vulnerable Foundations of Modern Society | |||
II. The Duty to Protect Database Information | II. The Duty to Protect Database Information | ||
A. Statutes Legislatively Creating a Cause of Action | A. Statutes Legislatively Creating a Cause of Action | ||
B. Statutes Judicially Determined to Set the Standard of Care | B. Statutes Judicially Determined to Set the Standard of Care | ||
1. The Gramm-Leach-Bliley Act | 1. The Gramm-Leach-Bliley Act | ||
2. State Security Breach Notification Laws | 2. State Security Breach Notification Laws | ||
C. Basic Tort Principles | C. Basic Tort Principles | ||
1. Palsgraf, Kline, and Related Cases | 1. Palsgraf, Kline, and Related Cases | ||
2. Public Policy Analysis | 2. Public Policy Analysis | ||
3. Voluntary Assumption of Duty | 3. Voluntary Assumption of Duty | ||
D. Fiduciary Obligations | D. Fiduciary Obligations | ||
III. The Duty to Reveal Evidence of Security Breaches | III. The Duty to Reveal Evidence of Security Breaches | ||
A. Statutory Duties | A. Statutory Duties | ||
B. Basic Tort Principles . | B. Basic Tort Principles | ||
1. General Duty or Limited Duty | |||
2. The Obligation to Correct Previous Statements | |||
2. The Obligation to Correct Previous Statements | 3. Conduct Creating a Continuing Risk of Physical Harm | ||
3. Conduct Creating a Continuing Risk of Physical Harm | C. Fiduciary Duty of Candor | ||
C. Fiduciary Duty of Candor | IV. Limiting Cybersecurity Tort Liability | ||
IV. Limiting Cybersecurity Tort Liability . | A. The Economic-Loss Rule | ||
B. Emotional-Distress Damages | |||
C. Security-Monitoring Damages | |||
B. Emotional-Distress Damages . | V. Conclusion: Security in Insecure Times | ||
V. Conclusion: Security in Insecure Times | |||
Revision as of 16:43, 17 June 2010
Full Title of Reference
Cybersecurity, Identity Theft, and the Limits of Tort Liability
Full Citation
Cybersecurity, Identity Theft, and the Limits of Tort Liability (bepress Legal Series. Working Paper 713, 2005). Web
Categorization
- Issues: Incentives, Information Sharing/Disclosure, Privacy
- Approaches: Regulation/Liability
Key Words
identity fraud/theft, communications privacy law
Synopsis
This article considers to what extent database possessors (such as credit card companies and universities) can be held liable for harm caused to data subjects (such as consumers, applicants, and alumni) when information relating to those persons is hacked or otherwise subject to improper access. Addressing common-law and statutory sources (including new legislation in 17 states) the article clearly differentiates the duty to safeguard data from the duty to notify data subjects that the security of their information has been breached. By analogy to the “medical-monitoring damages” which some states award in toxic-exposure cases, the article argues that “security-monitoring damages” should be available in database-intrusion cases. More specifically, the article proposes that, in cases of ordinary negligence, the interests of society will be best served by limiting recoverable economics losses to the cost of security-monitoring damages once a database possessor discloses to the affected individual the fact that data has been improperly accessed. This approach will encourage database possessors to discover and reveal instances of data intrusion. It will also place data subjects in a position to protect their own interests by monitoring their economic and personal security when there is heightened vulnerability.
Additional Notes and Highlights
Outline:
I. The Vulnerable Foundations of Modern Society
II. The Duty to Protect Database Information
A. Statutes Legislatively Creating a Cause of Action
B. Statutes Judicially Determined to Set the Standard of Care
1. The Gramm-Leach-Bliley Act
2. State Security Breach Notification Laws
C. Basic Tort Principles
1. Palsgraf, Kline, and Related Cases
2. Public Policy Analysis
3. Voluntary Assumption of Duty
D. Fiduciary Obligations
III. The Duty to Reveal Evidence of Security Breaches
A. Statutory Duties
B. Basic Tort Principles
1. General Duty or Limited Duty
2. The Obligation to Correct Previous Statements
3. Conduct Creating a Continuing Risk of Physical Harm
C. Fiduciary Duty of Candor
IV. Limiting Cybersecurity Tort Liability
A. The Economic-Loss Rule
B. Emotional-Distress Damages
C. Security-Monitoring Damages
V. Conclusion: Security in Insecure Times