Consider the following as potential duties of care:
- To implement “reasonable” security measures and systems on computer networks
- To have business practices that reduce the risk of external parties gaining access to data, both the company’s own and that of third parties
- To have policies and procedures within your organisation that reduce the risk of security breaches and that minimise the damage if one occurs
- To comply with, or to have taken steps to comply with, external security and related standards
- To recognise the exposures created by a multi-level, multi-party IT supply chain, to put in place appropriate measures to minimise that exposure, and to back up vital data
- To ensure statutory requirements like those under the Privacy Act are complied with
Imagine the number of duties of care the parties in the suggested scenario might owe to one another. Consider the contractual mire that might exist between those parties, and how those contracts may need to be reconciled.
Understanding the totality of your own business systems, the potential duties of care and who owes them to whom, and the contracts that relate to them, is becoming more and more a critical aspect of business and risk management. I expect them all to be put to the test in the very near future.