Joseph J. Vacek


While questions related to UAS operations and use in government surveillance have been discussed at length, the legal ramifications of cybersecurity negligence and data breaches for UAS operators have yet to be addressed. In Part I, this article seeks to explore those areas by discussing the UAS data chain. Vulnerabilities in this data chain specific to UAS and in general are explored, followed by an examination of the state of the law related to the collection, use, retention, and dissemination of data. Part I concludes with an overview of current voluntary “Best Practice” documents offering guidance for collecting and managing data. Part II of this article applies Article III standing requirements and third-party liability limitations to the cybersecurity negligence and data breach issues. Existing federal law does not address liability for cybersecurity negligence or data breaches in UAS operations. This, combined with current interpretations of Article III standing requirements and a lack of a required standard of care for UAS operators to protect against cyber attack by third parties, results in the lack of a legal remedy for people whose private data is captured by drone and later compromised in a cybersecurity breach. Thus, it appears UAS operators are effectively shielded from liability for data breaches beyond the UAS operation and in flight data collection.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.