I have just finished a short paper on Duty of Care, and how some aspects of it applies to the digital world. For instance, consider the following:
A staff member is traveling to a region of the world that is currently embroiled in factional warfare, and there is a higher than average risk of kidnappings. The staff member wants to share about her trip with her online following, and posts to her social media accounts a photo of her (detailed) itinerary for the ten day trip.
A staff member is traveling internationally and stops by an Internet cafe to catch up on business and personal correspondence. Unbeknownst to her, she has exposed herself to a high risk of identity theft because the Internet cafe computers were compromised with keyloggers and other malware
If the staff member’s organization did not have sufficient training to help them understand the risks of social media when traveling and basic computing security, they have opened themselves up to a duty of care negligence case.
You can read more about these issues in the paper, found here. [pdf]
Please feel free to contact me with any questions or comments that you may have.
-Josh
Defensive Depth 