The danger of indemnity claims from customers or business
partners whose data have not been kept safe by the hacked company
cannot be ignored. In the worst case, the company victimised by
cybercrime must prove it is not liable for data theft, data damage,
or cyber-spying. And in some cases it must prove it had an adequate
risk security system to prevent "hostile attacks". In
terms of civil law, preventive safeguarding and precautions against
cybercrime are ever more important.
Prosecution in Austria
Since the 2002 amending law in the follow-up to the Cybercrime
Convention of the European Council, it is also possible in Austria
(at least in theory) to prosecute the culprit. Under the Criminal
Code and the Data Protection Act, a number of criminal offences
(eg, fraudulent abuse of data processing, sniffing [unauthorised
recording or following] of phone calls and e-mails) bring fines and
custodial sentences of up to five years. But whether hackers will
ever be prosecuted depends on many factors. Often, the perpetrator
is unknown, untraceable, or had no intent to harm the victim. It is
also hard to establish intent of enrichment. There are, however,
experts in the State Offices of Criminal Investigation who
diligently prosecute cybercrime and it pays to file a charge
"against persons unknown" even when there are few clues
No criminal liability for companies
A hacked company has nothing to fear from the criminal law as
long as the offence did not originate from the company itself. Only
the culprits and their accomplices can be held accountable for
criminal acts. All cybercrime offences in Austria require
deliberate acts with the intent to damage and enrich. Negligent
omission to use preventive security measures is not a crime. And
with good reason: a criminal conviction always remains the last
resort. Yet a phone-hacking scandal like that of "News of the
World" would have been treated differently under Austrian
criminal law. If, for instance, the company gains an economic
advantage by means of criminal acts, or if the management has
knowingly tolerated or even commissioned the offence, both the
management and the company can be guilty of a crime.
This article was originally published in the schoenherr
roadmap`12 - if you would like to receive a complimentary copy
of this publication, please visit:
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
A US district court in New York has recently ruled that ReDigi, the operator of an online marketplace for pre-owned music downloads, is liable for copyright infringement.
In a decision earlier this month, a US district court in New York has ruled that ReDigi, the operator of an online marketplace for pre-owned music downloads, is liable for copyright infringement.
The processing of personal data is regulated by the Federal Act on Data Protection, its ordinances and by other laws.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”