Home
More about us
Our approach
What we do
Our people
News
Links
Contact us
Privacy

Latest News

Latest NewsArchived News

Page 29 of the Business News section of the Advertiser, Monday April 5, 2004

Virus law suit warning

By Cameron England

COMPANIES that fail to ensure their information technology systems are secure risk costly lawsuits.

Watsons Lawyers had advised that those businesses that do not have strict policies and procedures protecting against being affected by, or passing on, computer viruses, could be held liable for any damage.

This liability could extend to company directors, who could be held responsible for a breach of their duties if the company's performance were damaged, if there were loss of business, or in the likelihood of third-party negligence claims if viruses were passed to other companies.

The principal of Watsons Lawyers, Peter Watson, said appropriate IT security practices were as important as health and safety, sexual harassment and legal compliance policies.

"An employee who carelessly distributes a virus faces the possibility of dismissal, so why shouldn't a firm be liable for any loss or damage suffered by clients or customers if appropriate action has not been taken to deal with such viruses," Mr Watson said. "There are complex legal issues involved, and new ground may need to be broken in the courts. Nevertheless, the risk of a successful lawsuit should not be ignored."

IT expert Leif Gamertsfelder from Sydney law practice Deacons said it was not just viruses that were of concern. Companies were also obligated to provide a secure IT systems in areas such as e-commerce, online trading and anywhere else business-sensitive information was handled or stored.

"Directors have obligations under the Corporations Act to ensure (they provide) a secure trading or business platform," Mr Gamertsfelder said. "If things go wrong they may be in breach of their legal obligations to maintain that."

Mr Gamertsfelder said if a loss were sustained there were "many legal ways to skin a cat".

These include shareholders taking action against directors, negligence claims from third parties, or even action under the Trade Practices Act if a company made false representations about a system' security.

Mr Gamertsfelder said directors had greater understanding of their obligations and the legal requirements than before.

"For too long, responsibility has been delegated to IT managers," he said.

"That's a very poor model."

"Phase two was the responsibility ostensibly being with the board, but the board paying lip service to it."

"We are entering the third phase where the board has to be intimately involved in setting a template and delegating tasks".