28 Pages. Posted: 18 Jun 2016. Last revised: 16 Sep 2017
Date Written: June 16, 2016
No company, just like no nation, is an island in cyberspace; the actions of actors from hacktivists to nation states have the potential to impact the bottom line, along with the human rights of consumers and the public writ large. To help meet the multi-faceted challenges replete in a rapidly globalizing world — and owing to the relative lack of binding international law to regulate both cybersecurity and the impact of business on human rights — companies are reconceptualizing what constitutes ‘due diligence.’ This Article takes lessons from both the cybersecurity and human rights due diligence contexts to determine areas for cross-pollination in an effort to provide firms with a more comprehensive view of due diligence best practices divorced from a particular technological or cultural context. In so doing, this Article uses the Guiding Principles on Business and Human Rights as a starting point, marrying this framework with the relevant cybersecurity literature and the overarching analytical framework of polycentric governance. Ultimately, the argument is made that organizations should take a wider view of enterprise risk management that combines their cybersecurity and human rights aspirations given the growing extent to which these fields are becoming interlinked under the umbrella of sustainable development.
Keywords: cybersecurity, cyber attack, human rights, Ruggie Framework, polycentric governance, Internet governance, due diligence
Suggested Citation:
Shackelford, Scott, Human Rights and Cybersecurity Due Diligence: A Comparative Study (June 16, 2016). University of Michigan Journal of Law Reform, Vol. 50, 2017; Kelley School of Business Research Paper No. 16-47. Available at SSRN: https://ssrn.com/abstract=2796634