Material Vulnerabilities: Data Privacy, Corporate Information Security and Securities Regulation
Andrea M. Matwyshyn
University of Pennsylvania - Legal Studies Department
Berkeley Business Law Journal, Vol. 3, p. 129, 2005
This article undertakes a normative and empirical legal inquiry into the manner information security vulnerabilities are being addressed through law and in the marketplace. Specifically, this article questions the current legislative paradigm for information security regulation by presenting a critique grounded in information security and cryptography theory. Consequently, this article advocates shifting our regulatory approach to a process-based security paradigm that focuses on improving security of our system as a whole.
Finally, this article argues that in order to accomplish this shift with least disruption to current legal and economic processes, expanding an existing set of well-functioning legal structures is preferable to crafting new legal structures. Securities disclosure law is already focused on regulating the most connected points in our economy, publicly traded entities. Public companies provide a good starting point for spreading better information security behaviors because of this connectedness; disclosure of public companies' information security behaviors will assist them in maximizing shareholder value and will assist regulators in finding the inadequately secure points in our economy.
Number of Pages in PDF File: 74
Keywords: data information, security privacy, law securities
JEL Classification: k22, k39, k30, a14, l86, o32, o33, o34, o38, z10Accepted Paper Series
Date posted: May 23, 2006
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo4 in 0.406 seconds