Infotech and the Law: Homeland security policy expands corporate liability

Richard Rector

In the post-Sept. 11 world, corporations must confront numerous liability issues
related to terrorism. One is the liability of the corporation, its directors and officers
for business decisions related to a company's preparedness for terrorist attacks.

SIZE="2">In the National Strategy for Homeland Security, released in July, the Bush
administration placed responsibility for certain terrorism-related planning squarely on
the shoulders of American business, recommending that businesses "conduct risk
assessments on their holdings and invest in systems to protect key assets." The White
House stated such action is not simply sound corporate governance and good corporate
citizenship, but "an essential safeguard of economic assets for shareholders,
employees and the nation."

Similarly, in the recent draft of
the National Strategy to Secure Cyberspace, the administration described cybersecurity as
a "management challenge" requiring senior leadership within an organization,
including the close attention of the corporate board of directors.

strategy stated: "Considering security only after an incident has occurred places the
business, the customers and even the country at risk. In contrast, effective governance of
cybersecurity promotes growth, productivity and shareholder confidence."

SIZE="2">Thus, the White House has characterized terrorism-related planning as a corporate
governance issue. This is important, because it suggests that corporate decision-makers --
whether directors or officers of large, publicly held corporations or of small private
companies -- may face increased liability for decisions relating to counterterrorism and

Generally, the directors and officers of a corporation
owe fiduciary duties to both the corporation and its shareholders. One of these duties,
the duty of care, requires that directors and officers act in good faith, with the care
that an ordinarily prudent person would exercise under similar circumstances, and in a
manner that the officer or director believes to be in the best interest of the

More specifically, the duty of care has two
components: decision-making and oversight. In making business decisions, directors and
officers have a duty to protect corporate assets and minimize exposure to third-party
liability. In the exercise of oversight obligations, directors and officers are
responsible for monitoring the corporation's business, policies and procedures with regard
to compliance with applicable law.

Corporate directors typically
are protected against liability for their business decisions by the so-called business
judgment rule. As stated by the Delaware courts, this rule is based upon "a
presumption that in making a business decision, the directors of a corporation acted on an
informed basis, in good faith and in the honest belief that the action taken was in the
best interest of the company."

The business judgment rule may
not, however, protect directors from liability if they have made ill-advised or negligent
decisions, or if a director has abdicated his or her role through inattention and lack of
involvement. A director may face personal liability for corporate inaction if he or she
was fully informed and attentive with regard to a particular risk, but failed to take
appropriate action.

Thus, given the continuing threat of
terrorism, a corporation's effort, or lack of effort, in assessing vulnerabilities and in
implementing security measures may have significant legal consequences.

SIZE="2">We advise corporate clients to take steps in four areas: protecting employees,
visitors and facilities; protecting shareholders; complying with security-related laws;
and protecting directors and officers. In addition, companies must assess
industry-specific risks and obligations.

The bottom line, as the
Bush administration has suggested, is that no corporation can afford the status quo on
security issues. A thorough liability assessment should be performed to ensure informed
and considered decision-making.

Richard Rector is a partner in the
Government Contracts Group of Piper Marbury Rudnick & Wolfe LLP in Washington. His
e-mail is richard.rector@

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB