Abstract
Businesses, non-profit organizations and government agencies may be held liable for failure to safeguard sensitive information in their possession. The threat of liability creates incentives to improve security standards, but uncertainty about the required standard and its judicial application may result in under- or overcompliance. Perfect security is neither possible nor the goal of tort law, but where does the law draw the line? This article analyzes the legal standard of information security that must be achieved to avoid liability. A numerical example illustrates its implementation.
Disciplines
Law
Date of this Version
September 2009
Recommended Citation
Meiring de Villiers, "Information Security Standards" (September 2009). University of New South Wales Faculty of Law Research Series 2009. Working Paper 34.
http://law.bepress.com/unswwps-flrps09/art34
Comments
This paper has been accepted for publication by the Journal of Internet Law. This paper may also be referenced as [2009] UNSWLRS 34.