Businesses, non-profit organizations and government agencies may be held liable for failure to safeguard sensitive information in their possession. The threat of liability creates incentives to improve security standards, but uncertainty about the required standard and its judicial application may result in under- or overcompliance. Perfect security is neither possible nor the goal of tort law, but where does the law draw the line? This article analyzes the legal standard of information security that must be achieved to avoid liability. A numerical example illustrates its implementation.
Date of this Version
Meiring de Villiers, "Information Security Standards" (September 2009). University of New South Wales Faculty of Law Research Series 2009. Working Paper 34.