Insights: Alerts Five Takeaways: How the SAFETY Act Can Help Protect Your Technology or Cybersecurity Business
Gunjan R. Talati, partner in the Government Contracts and Construction & Infrastructure Group recently presented at ING3NIOUS’ 2016 Cybersecurity, Privacy & Data Protection Retreat. Gunjan was on a panel titled “The Department of Homeland Security SAFETY Act, Cybersecurity & the Law: Parlaying a Risk Mitigation Program Into a Market Differentiator for Your Company” and discussed how the SAFETY Act could help cybersecurity and technology companies as both a liability shield and a market differentiator that could bring in
business. Takeaways from the presentation include:
- The Support Anti-Terrorism by Fostering Effective Technologies Act of 2002, or SAFETY Act, provides liability protection to a wide-range of technologies including cybersecurity products and services. Sellers of technologies can apply to receive a “Designation” or “Certification” from the Department of Homeland Security (DHS). A technology that receives “Designation” status receives liability protections such as exclusive jurisdiction in federal court for lawsuits related to an act of terrorism; no punitive damages; and
limits on non-economic damages. A technology receiving “Certification” status receives all the benefits of the “Designation” status but also gains the ability to assert the Government Contractor Defense in litigation resulting from an “act of terrorism” and is also recognized as “Approved Products for Homeland Security.”
- Despite offering such broad protections, participation in the SAFETY Act has been limited, particularly among technology companies including those providing cybersecurity solutions. The SAFETY Act does not contain limits on what types of technologies can receive DHS “Designation” or “Certification”.
- The protections of the SAFETY Act are activated in the event of an “act of terrorism.” What constitutes an “act of terrorism” is broad. With cybersecurity the new frontier in security and warfare, it’s not out of the question that a cyber incident could be declared as an “act of terrorism.”
- Companies can use a “Designation” or “Certification” status to increase business. One of the protections that the statuses afford is limiting the defendant in a lawsuit arising out of an “act of terrorism” to the seller of the technology. This effectively confers immunity on customers and clients as well as contractors that use the technology or help the seller deploy the technology.
- Pursuing a SAFETY Act designation doesn’t have to cost an arm and a leg. Most companies prepare the initial application by themselves and just incur the expense of a few hours of review from a qualified consultant or attorney to make sure everything is okay on the application.
Given the benefits of the SAFETY Act, there’s no reason why technology and cybersecurity providers throughout all industries shouldn’t consider pursuing an application. Indeed, should the worst ever happen, they may find themselves in the middle of burdensome litigation with little protection. If they had done the legwork, they could have had a powerful shield.
Gunjan R. Talati
While we are pleased to have you contact us by telephone, surface mail, electronic mail, or by facsimile transmission, contacting Kilpatrick Townsend & Stockton LLP or any of its attorneys does not create an attorney-client relationship. The formation of an attorney-client relationship requires consideration of multiple factors, including possible conflicts of interest. An attorney-client relationship is formed only when both you and the Firm have agreed to proceed with a defined engagement.
DO NOT CONVEY TO US ANY INFORMATION YOU REGARD AS CONFIDENTIAL UNTIL A FORMAL CLIENT-ATTORNEY RELATIONSHIP HAS BEEN ESTABLISHED.
If you do convey information, you recognize that we may review and disclose the information, and you agree that even if you regard the information as highly confidential and even if it is transmitted in a good faith effort to retain us, such a review does not preclude us from representing another client directly adverse to you, even in a matter where that information could be used against you.