Notification of Data Security Breaches
Paul M. Schwartz
UC Berkeley School of Law

Edward J. Janger
Brooklyn Law School

Michigan Law Review, Vol. 105, p. 913, 2007
Brooklyn Law School, Legal Studies Paper No. 58

Abstract:
The law increasingly mandates that private companies disclose information for the benefit of consumers. The latest example of such regulation through disclosure is a requirement that companies notify individuals of data security incidents involving their personal information. In the wake of highly publicized data spills, numerous states have now enacted such legislation, and federal legislation in this area has also been proposed. These statutes seek to punish the breached entity and protect consumers by requiring that a breached entity disclose information about the data spill. There are competing possible approaches, however, to how the law is to mandate release of information about data leaks. This Article finds that a reputational sanction from breach notification can be important, but not for the reasons conventionally discussed. Moreover, a further function of breach notification is mitigation of harm after a data leak. This function requires a multi-institutional coordinated response of the kind that is absent from current policy proposals. To fill this gap, this Article advocates creation of a coordinated response architecture and develops the elements of such an approach.

Accepted Paper Series
Date posted: June 14, 2006; Last revised: February 13, 2007