Gunjan R. Talati, partner in the Government Contracts and Construction & Infrastructure Group recently presented at ING3NIOUS’ 2016 Cybersecurity, Privacy & Data Protection Retreat. Gunjan was on a panel titled “The Department of Homeland Security SAFETY Act, Cybersecurity & the Law: Parlaying a Risk Mitigation Program Into a Market Differentiator for Your Company” and discussed how the SAFETY Act could help cybersecurity and technology companies as both a liability shield and a market differentiator that could bring in business. Takeaways from the presentation include:

  • The Support Anti-Terrorism by Fostering Effective Technologies Act of 2002, or SAFETY Act, provides liability protection to a wide-range of technologies including cybersecurity products and services. Sellers of technologies can apply to receive a “Designation” or “Certification” from the Department of Homeland Security (DHS). A technology that receives “Designation” status receives liability protections such as exclusive jurisdiction in federal court for lawsuits related to an act of terrorism; no punitive damages; and limits on non-economic damages. A technology receiving “Certification” status receives all the benefits of the “Designation” status but also gains the ability to assert the Government Contractor Defense in litigation resulting from an “act of terrorism” and is also recognized as “Approved Products for Homeland Security.”
  • Despite offering such broad protections, participation in the SAFETY Act has been limited, particularly among technology companies including those providing cybersecurity solutions. The SAFETY Act does not contain limits on what types of technologies can receive DHS “Designation” or “Certification”.
  • The protections of the SAFETY Act are activated in the event of an “act of terrorism.” What constitutes an “act of terrorism” is broad. With cybersecurity the new frontier in security and warfare, it’s not out of the question that a cyber incident could be declared as an “act of terrorism.”
  • Companies can use a “Designation” or “Certification” status to increase business. One of the protections that the statuses afford is limiting the defendant in a lawsuit arising out of an “act of terrorism” to the seller of the technology. This effectively confers immunity on customers and clients as well as contractors that use the technology or help the seller deploy the technology.
  • Pursuing a SAFETY Act designation doesn’t have to cost an arm and a leg. Most companies prepare the initial application by themselves and just incur the expense of a few hours of review from a qualified consultant or attorney to make sure everything is okay on the application.

Given the benefits of the SAFETY Act, there’s no reason why technology and cybersecurity providers throughout all industries shouldn’t consider pursuing an application. Indeed, should the worst ever happen, they may find themselves in the middle of burdensome litigation with little protection. If they had done the legwork, they could have had a powerful shield.