Liability for Data Breaches Is Minimal
vandon submitted a Security Focus bit about liability and identity theft. The article talks about a contractor's laptop containing half a million records of private student loan information being stolen. The court ruled that since "Reasonable" precautions had been taken, the loan company need not be held strictly liable for their customers' damages.
is a failure to follow policy.
Now the person suing the company needs to accuse the company of not following policy, and provide some sort of proof. Then the company can attempt to defend itself.
The Kruger Dunning explains most post on
This actually makes sense, as the tort of negligence is a civil matter and where a defendant's (in this case the loan company) actions are being assessed, the law requires the standards of "the reasonable man" to be used.
:P
Generally in cases such as this, the court will use the reasonable man test in a formulation which would likely sound like this: "would a reasonable man, in the position of the defendant with the same information and experience that the defendant can reasonably be expected to possess, have behaved in the same way".
It then comes down to the court hearing evidence from members of industry and other witnesses or even amici curi (meaning "friend of the court", which is a person who offers evidence but is not called officially by the plaintiff or defendant, and excuse me but my Latin spelling is not that good). The judge then decides if the defendant acted the way a reasonable man should.
P.S., Yes I know the formulation of "reasonable man" is sexist, but hey, it's the law.
I hate printers.