Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


In the eyes of the law what is the legal obligation of a developer to keep data secure on the web?

Posted on 2007-10-02
Medium Priority
Last Modified: 2010-08-05
What is the legal responsiblity of a web developer to keep data secure?

After a company has been informed verbally and in writing are there any legal obligation?  If the individual making the decisions does not understand the implications and they have been informed in writing, what are the legal responsiblities of the developer.

Question by:swansonplace
LVL 23

Assisted Solution

by:Erik Bjers
Erik Bjers earned 400 total points
ID: 19997363
I've noticed that you have posted multiple questions ont this topic.  It is my opinion that you contact a lawyer and get proper leagle advise as it appears that this has alredy happend.  If this has not happend you may want to do so me research in law books.


Expert Comment

ID: 19997412
Ditto with eb , This question cannot be answered properly on EE as Laws differ so much between countries.


Author Comment

ID: 19997840
I am in the process of conferring with some lawyers, but I also wanted a point of veiw of developers to see how they handle it.  I posted two seperate questions as one is aboutthe  data availablity, and the other about the obligations of a developer when building an inhouse security system.
LVL 18

Accepted Solution

PowerIT earned 1600 total points
ID: 19998720
This is indeed a question that has to be answered by specialized lawyers.
But in general I can assure you this: ultimately, top management is responsible! Ignorance is not a valid reason to not take responsibility as a management team. This is so for all business matters and decisions. Management should make sure it is well informed, either by it's employees or external sources. Since you even took the initiative to set this in writing to you mangement, you can certainly not be taken resposible if mangement does not act upon this. But even without that, it would not be your responsibility as a non-management developer.

Which country are you in?


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ITIL has an elaborate incident management framework. This article serves as a starter for those who'd like to know more or need to suss out the baseline elements in a typical incident response execution plan on the "need to have" and the "good to ha…
If you are like me and like multiple layers of protection, read on!
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question