Cybersecurity remains a top priority for boards and senior
management across Canada and the United States. They are wise to
maintain this focus to protect the organization. Data is critical
to company value and strategy, and cyber attacks increase costs and
business interruptions.
However, there is also the individual factor: what risk of
personal liability exists for officers and directors following a
corporate cybersecurity breach?
There are of course legal protections for directors and officers
that shield or at least limit their liability. At the same time,
the common law has developed to allow plaintiffs to pierce the
corporate veil in some circumstances and hold individuals
personally responsible. In addition, statutory frameworks are
increasingly holding individuals personally for corporate
breaches.
Liability in Canada: growing exposure, no cases yet
While common law and statutory avenues exist to pursue
individuals for corporate data breaches, there have not yet been
any cases decided in Canada involving director and officer
liability for cyber incidents.
There are several federal and provincial regimes in Canada which
may expose directors and…
