Cybersecurity Breaches and Legal Liability Under Private Law

By: Guy Pessach

Issues related to cybersecurity breaches are increasingly occupying the attention of policy makers and legal scholars. Data protection breaches; informational privacy issues; online fraudulent activities, cyber-attacks and more are extensively discussed and at times are also dealt by particular scrutinized responses of legislators and regulators.

Regulatory responses to cybersecurity breaches are dealt through a variety of means, including: public law mechanisms (e.g. state regulation, such as standards setting and compliance requirements); criminal law (the imposition of criminal liability for certain conducts and actions) and private law mechanisms – the imposition of civil liability for harms that were caused due to cybersecurity breaches.

The purpose of this research project is to examine the interface of cybersecurity breaches and legal liability under private law.

The research project is expected to adopt a dual lens perspective: the first angel examines how current private law doctrines (both particular and general torts-based liability) response to cybersecurity breaches. In addition to a critical-comparative examination of current law, the research will examine whether there is a need for a legal reform, in private law, that will craft explicit norms for cybersecurity breaches. In addition to general torts liability aspects, particular legal branches to be examined include (as an inconclusive list): privacy law; consumer law; software and computer law; insurance law, trade secrets and intellectual property liability regimes.

The second angel of the research attempts to examine and shape legal policy based on field examination of particular industries in areas that are either related to cybersecurity or that raise cybersecurity concerns: software companies; cybersecurity companies; "the internet of things" companies; autonomous cars and more.

The goal is to obtain background knowledge about the conducts, incentive schemes, technological constraints (and virtues), of "real life players", as parameters that are fundamental for the design of legal policy in this area.

By studying the particulars of specific industries and areas of activities, the research aims at reaching detailed operational recommendations as for the scope of legal liability under private law doctrines.