ARTICLE
26 September 2012

Hunting The Hacked Ones? Criminal Aspects Of Cybercrime In Austria

SA
Schoenherr Attorneys at Law

Contributor

We are a full-service law firm with a footprint in Central and Eastern Europe providing local and international companies stellar advice. As the go-to legal advisor for complex commercial matters in the region, Schoenherr aims to use its proximity to industry leaders, in developing practical solutions for future challenges. We keep a close eye on trends and developments, which enables us to provide high quality legal advice that is straight to the point.
The Austrian legislature has been striving for years for a proper criminal punishment of cyber criminals. But first the perpetrators have to be caught.
Austria Privacy

The danger of indemnity claims from customers or business partners whose data have not been kept safe by the hacked company cannot be ignored. In the worst case, the company victimised by cybercrime must prove it is not liable for data theft, data damage, or cyber-spying. And in some cases it must prove it had an adequate risk security system to prevent "hostile attacks". In terms of civil law, preventive safeguarding and precautions against cybercrime are ever more important.

Prosecution in Austria

Since the 2002 amending law in the follow-up to the Cybercrime Convention of the European Council, it is also possible in Austria (at least in theory) to prosecute the culprit. Under the Criminal Code and the Data Protection Act, a number of criminal offences (eg, fraudulent abuse of data processing, sniffing [unauthorised recording or following] of phone calls and e-mails) bring fines and custodial sentences of up to five years. But whether hackers will ever be prosecuted depends on many factors. Often, the perpetrator is unknown, untraceable, or had no intent to harm the victim. It is also hard to establish intent of enrichment. There are, however, experts in the State Offices of Criminal Investigation who diligently prosecute cybercrime and it pays to file a charge "against persons unknown" even when there are few clues at hand.

No criminal liability for companies

A hacked company has nothing to fear from the criminal law as long as the offence did not originate from the company itself. Only the culprits and their accomplices can be held accountable for criminal acts. All cybercrime offences in Austria require deliberate acts with the intent to damage and enrich. Negligent omission to use preventive security measures is not a crime. And with good reason: a criminal conviction always remains the last resort. Yet a phone-hacking scandal like that of "News of the World" would have been treated differently under Austrian criminal law. If, for instance, the company gains an economic advantage by means of criminal acts, or if the management has knowingly tolerated or even commissioned the offence, both the management and the company can be guilty of a crime.

This article was originally published in the schoenherr roadmap`12 - if you would like to receive a complimentary copy of this publication, please visit: pr.schoenherr.eu/roadmap.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More