Journal Title

South Carolina Law Review





First Page


Document Type


Publication Information



Tort law is the best vehicle for allocating the risks and spreading the costs of database intrusion. It can incentivize database possessors (“possessors”) and data subjects to minimize the harm associated with breaches of database security while also balancing each party’s interests. Life is built upon computerized databases and the information of those databases is subject to hackers and other cyber-threats, which can cause catastrophic damage. It is hard to identify hackers; however, a better object for recovery is likely the possessors who fail to prevent or reveal a security breach.

The law governing database possessors’ liability is far from settled; however, possessors have a duty to: (1) protect the information stored; and (2) disclose evidence of breaches. These duties can arise out of statute, principles of tort law, or the fiduciary duty doctrine, with each of the source shaping the duty imposed on possessors and the scope of their potential liability. The scope of database possessor liability is judiciously limited by the Economic Loss Rule, limiting the scope of potential liability vested upon possessors to Security-Monitoring costs, a remedy that balances the interests of data possessors and subjects. Tort principles, when carefully applied to contemporary cybersecurity, can perform a key role in protecting the economic foundations of modern life.

Recommended Citation

Vincent R. Johnson, Cybersecurity, Identity Theft, and the Limits of Tort Liability, 57 S.C. L. Rev. 255 (2005).

Included in

Torts Commons



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.