Disclaimers - the antivirus vaccine?
Disclaimers of liability and statements that the email in question has been virus-checked are now appended to business emails almost without exception. Whilst a prudent precaution, it should not be assumed that such statements would automatically protect a business for liability for transmitting a virus. Courts will always look at substance over form, so it is essential that any statement reflects practice -- it is not uncommon to see improbable claims that an email has been checked against "all viruses".
Wording of such disclaimers should be reviewed in the light of the business's actual level of anti-virus protection (how often is it updated ?) and recipients reminded of their need to screen incoming e-mails. Business to business disclaimers of liability are less likely to fall foul of unfair contracts legislation, but they should nevertheless be drafted with such constraints in mind.
Damage limitation and risk management - essential steps
• Choose an ISP which offers robust service levels and antivirus protection.
• Review your IT provider service level agreement and/or separate antivirus protection; ensure new patches are applied as a matter of priority.
• Implement an information security policy and keep it up to date.
• Implement a staff Internet and email policy, educate staff -- and enforce it!
• Review your insurance cover for e-risks.
• Review contracts with key suppliers and customers -- how would a major IT disruption be dealt with?
• Review the wording of email disclaimers and virus-check notices.
The Olswang view
We believe that the difficulty of bringing virus-spreaders to book means that it can only be a matter of time before a user attempts to pin liability on a tactical target such as its ISP or another user in the chain of communication.
• We do not believe it is in businesses' interests for the floodgates to be opened to such a broad duty of care, but it can only be matter of time before such litigation is seen -- so businesses need to take steps to guard against potential liability.
• Force majeure clauses and insurance policies should be reviewed to ensure they anticipate possible virus attacks.
• The prevention of virus attacks is better than cure. There are a number of legal as well as operational measures which businesses can implement to minimise the effects of future virus attacks. In particular, businesses must guard against the possibility of contributory negligence.
