Human Rights and Cybersecurity Due Diligence: A Comparative Study

No company, just like no nation, is an island in cyberspace; the actions of actors from hacktivists to nation-states have the potential to impact the bottom line, along with the human rights of consumers and the public writ large. To help meet the multifaceted challenges replete in a rapidly globalizing world—and owing to the relative lack of binding international law to regulate both cybersecurity and the impact of business on human rights—companies are reconceptualizing what constitutes “due diligence.” This Article takes lessons from both the cybersecurity and human rights due diligence contexts to determine areas for cross-pollination in an effort to provide firms with a more comprehensive view of due diligence best practices divorced from a particular technological or cultural context. In so doing, this Article uses the Guiding Principles on Business and Human Rights as a starting point, marrying this framework with the relevant cybersecurity literature and the overarching analytical framework of polycentric governance. Ultimately, this Article argues that organizations should take a wider view of enterprise risk management that combines their cybersecurity and human rights aspirations given the growing extent to which these fields are becoming interlinked under the umbrella of sustainable development.