A recent event that made national news demonstrates the importance of protecting sensitive information, and serves as an important reminder to those (such as SAFETY Act participants) in possession of such materials to establish and implement effective policies and procedures for storing such information. In particular, following Super Bowl LII, CNN revealed that one of its employees had discovered copies of U.S. Department of Homeland Security (DHS) documents relating to the response to a simulated anthrax attack at the Super Bowl, along with "other sensitive DHS material," in the pocket of a commercial airplane seat. The documents were marked as belonging to DHS and as "For Official Use Only" and were found with the travel itinerary and boarding pass of a government scientist in charge of a DHS program—called BioWatch—that performed anthrax drills to prepare for the Super Bowl.
According to CNN, "[t]he reports were based on exercises designed to evaluate the ability of public health, law enforcement and emergency management officials to engage in a coordinated response were a biological attack to be carried out in Minneapolis on Super Bowl Sunday." In response to the discovery, DHS stated that the areas for improvement that had been identified in the draft reports had been addressed prior to the Super Bowl and that the exercise had not been conducted in response to any credible threat of a bioterrorism attack. A former DHS official further highlighted that exercises like the ones found in the reports are intended to identify holes in planning and preparedness in order to better prepare for any future response to an actual attack.
The SAFETY Act
For those who may provide security/anti-terrorism products or services, the SAFETY Act (Support Antiterrorism by Fostering Effective Technologies Act of 2002) provides significant liability protections for such companies and may be of interest.
When Congress passed the Homeland Security Act of 2002, it sought to encourage the development and deployment of anti-terrorism products and services, including those for cybersecurity, through the SAFETY Act. Thus, if your business manufactures and/or sells anti-terrorism technologies, or is one that develops and implements its own cyber or physical security program, the SAFETY Act may be an important risk mitigation tool for you. The SAFETY Act's framework can also provide added benefits to your customers. Therefore, the SAFETY Act not only protects your company from potential liability, but can also make you a more attractive provider to potential customers.
The SAFETY Act provides two primary levels of protection—Designation and Certification. Technologies and security programs that satisfy the Designation-level requirements receive many risk management protections, including liability caps, exclusive jurisdiction in federal court, and bars against punitive damages and prejudgment interest, to name a few. Technologies and security programs with the higher level of protection—Certification—receive all the benefits of Designation, with the added benefit of complete immunity from third-party liability arising from an act of terrorism. These benefits apply not only to sellers/suppliers of the covered technology and businesses with covered security programs, but also to their customers. In other words, end-users receive total third-party liability immunity from harm and damages arising from acts of terrorism for implementing a SAFETY Act Designated or Certified service or program, along with the downstream benefit of differentiating your organization in the marketplace. With these significant protections, SAFETY Act awardees can also often negotiate reductions to their insurance premiums, thus directly reducing your company's overhead expenses.
To limit your liability from terrorism through the SAFETY Act, your company must undergo an extensive application and review process, in which the technology or security program is evaluated according to key criteria. In addition to Venable's experience in navigating the SAFETY Act process, our attorneys can also advise your company on the legal nuances of protections received and modifications to your operations to maximize protection benefits and minimize other areas of exposure.