Skip the navigation

E-mail exposure: Is your company liable?

Watch out! You may be responsible for gremlins in your corporate e-mail.

By Mary K. Pratt
August 8, 2005 12:00 PM ET

Computerworld - Brace yourself: You could be legally responsible for worldwide network security. OK, that may be an overstatement, but it does capture the essence of what's ahead. Companies that pass viruses, worms or any type of malware to other companies via electronic transmissions such as e-mail could find themselves in court, say legal and security experts. And they could be held liable for damage done, even if they unintentionally spread such cyberpests.
"There's very little question that it's going to come. The concept of due diligence has done nothing but push its way out into the consciousness of everyone in this country," says Charles Hibnick, chief systems security architect at AvMed Health Plans Inc., a health insurance company in Miami.
The stage is being set for such action, experts say. Federal laws, government agencies and private organizations are setting new standards for network and Internet security. Meanwhile, lawyers are testing various legal theories for punishing cyberspace criminals. And some companies with established relationships are signing contracts detailing security expectations that prohibit even the accidental transmission of malware.
Given all this, can litigation be far off?
"I do think we are looking at this type of litigation in the future. And I think it's going to happen sooner rather than later," says Rodger Cole, a litigation partner at Fenwick & West LLP in Mountain View, Calif.

E-mail Exposure
Image Credit: Emmanuel Kerner
In fact, some companies are already pursuing other businesses, albeit quietly, to recoup losses resulting from computer-related problems, says Julie K. Davis, executive vice president at Aon Affinity Insurance Services Inc. in San Jose and co-author of e-Risk: Liabilities in a Wired World.
Some cases involve companies inadvertently releasing viruses, worms and the like, she says. Others involve contractual liability in situations where companies had agreements to keep systems secure. Davis says these cases haven't wound up in court - yet - because executives prefer to avoid the media spotlight on such issues.

"You certainly have claims. What people usually do is turn it against their own corporate insurance policies," she says, adding that traditional policies generally won't cover such claims, however.
Dangerous Times
Given the state of electronic communications, the potential for getting into trouble is staggering.
"If you're operating on the Internet today, there is some level of constant attack activity," says Art Manion, an Internet security analyst at the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute.
Viruses, worms, Trojan horses, botnet zombies, distributed denial-of-service attacks, hacking, blended threats -- they're all out there, and many can hitch rides with e-mails and electronic transmissions, including instant messages.
"We're up to


Our Commenting Policies