Journal Title

Journal of Internet Law





First Page


Document Type


Publication Information



Established tort principles carefully applied to the contemporary problems of cybersecurity and identity theft can perform a key role in protecting the economic foundations of modern life. Tort law offers an appropriate legal regime for allocating the risks and spreading the costs of database intrusion-related losses. It can also create incentives, on the part of both database possessors and data subjects, to minimize the harm associated with breaches of database security.

In considering this field of tort law, it is useful to differentiate three questions. The first issue is whether database possessors have a legal duty to safeguard data subjects’ personal information from unauthorized access by hackers or others. The second issue is if there is not a duty to protect computerized information from intruders, is whether a database possessor has a legal obligation to disclose evidence of a security breach to data subjects once an intrusion occurs. The third issue is how far liability should extend when the database possessor has failed to exercise reasonable care to protect data or to disclose information about an intrusion.

Numerous lawsuits have recently been filed against data possessors (such as banks and universities) by data subjects (such as customers and alumni) seeking damages for harm caused by breaches of data security. Whether and to what extent courts hold database possessors liable caused by improper data access are questions of huge importance. If those who make and interpret the laws too hastily conclude that database possessors are not liable for losses occasioned by unauthorized data access, important opportunities to reduce and distribute the costs of computerized technology will be lost. If liability is too readily assessed, important institutions will be adversely affected and with them the prosperity of modern society

Recommended Citation

Vincent R. Johnson, Data Security and Tort Liability, 11 J. Internet L. 22 (2008).

Included in

Law Commons



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.