Rules, Standards, and Geeks
Derek E. Bambauer
University of Arizona - James E. Rogers College of Law
March 22, 2011
Brooklyn Journal of Corporate Finance & Commercial Law, Vol. 5, p. 49, 2011
Brooklyn Law School, Legal Studies Paper No. 223
Policymakers and scholars generally assume that information technology is best regulated using standards, not rules. This Article argues that rules are often the superior choice. Those favoring standards typically focus on the wrong problem: they seek to prevent data spills, rather than to mitigate their impact. Rules can helpfully reduce a breach's effects. For technology, rules are preferable when they can specify a minimum level of protection that is relatively effective; where obsolescence occurs slowly; and where monitoring implementation is low-cost and accurate. The Article sets out examples of where each type of approach is superior. Application design is best governed by standards, while the transport and storage of data, along with identification of access to information, are best dealt with via rules. The Article questions the prevailing consensus in favor of standards for regulating technology, and also seeks to create testable predictions about when rules will work better.
Number of Pages in PDF File: 15
Keywords: rules, standards, encryption, data security, privacy, technology, hacking, data spill, breach, mitigate, storage, application, design, efficiency, cost-effectiveness, informationAccepted Paper Series
Date posted: March 27, 2011
© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo1 in 0.328 seconds