Definition: Organizations can incur legal liability for mishandling confidential information. At a minimum, an organization needs to practice due diligence. Customers have already filed suit against companies for the disclosure of personally identifiable information. Infrastructure owners are increasingly being required to pay out awards and fines for damages caused by security breaches. State and federal governments have recently passed their own laws related to securing information, and many of the regulations are accompanied by fines for failing to comply. International requirements and fines for failing to comply are even more stringent. Some states, such as Florida, even have their own privacy laws.
Its Relevance: Our modern society is litigious. Owners of information systems find their infrastructures increasingly linked with others and at more risk. Infrastructure owners must provide the security measures that a "reasonable and prudent person" would use in the same or similar set of circumstances. In some states, a company may even find that it has violated the law. The concept of suffering financial liability for the actions of malicious users is known as "downstream liability".