|
|
|
|
||||
|
||||
Notification of Data Security BreachesPaul M. SchwartzUniversity of California, Berkeley - School of Law Edward J. JangerBrooklyn Law School Michigan Law Review, Vol. 105, p. 913, 2007 Brooklyn Law School, Legal Studies Paper No. 58 Abstract: The law increasingly mandates that private companies disclose information for the benefit of consumers. The latest example of such regulation through disclosure is a requirement that companies notify individuals of data security incidents involving their personal information. In the wake of highly publicized data spills, numerous states have now enacted such legislation, and federal legislation in this area has also been proposed. These statutes seek to punish the breached entity and protect consumers by requiring that a breached entity disclose information about the data spill. There are competing possible approaches, however, to how the law is to mandate release of information about data leaks. This Article finds that a reputational sanction from breach notification can be important, but not for the reasons conventionally discussed. Moreover, a further function of breach notification is mitigation of harm after a data leak. This function requires a multi-institutional coordinated response of the kind that is absent from current policy proposals. To fill this gap, this Article advocates creation of a coordinated response architecture and develops the elements of such an approach.
Number of Pages in PDF File: 72 Accepted Paper SeriesDate posted: June 14, 2006Suggested CitationContact Information
|
|
|||||||||||||||||||||||||||||
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
FAQ
Terms of Use
Privacy Policy
Copyright
This page was processed by apollo1 in 0.343 seconds
