Download this Paper Open PDF in Browser

Rules, Standards, and Geeks

Brooklyn Journal of Corporate Finance & Commercial Law, Vol. 5, p. 49, 2011

Brooklyn Law School, Legal Studies Paper No. 223

15 Pages Posted: 27 Mar 2011  

Derek E. Bambauer

University of Arizona - James E. Rogers College of Law

Date Written: March 22, 2011

Abstract

Policymakers and scholars generally assume that information technology is best regulated using standards, not rules. This Article argues that rules are often the superior choice. Those favoring standards typically focus on the wrong problem: they seek to prevent data spills, rather than to mitigate their impact. Rules can helpfully reduce a breach's effects. For technology, rules are preferable when they can specify a minimum level of protection that is relatively effective; where obsolescence occurs slowly; and where monitoring implementation is low-cost and accurate. The Article sets out examples of where each type of approach is superior. Application design is best governed by standards, while the transport and storage of data, along with identification of access to information, are best dealt with via rules. The Article questions the prevailing consensus in favor of standards for regulating technology, and also seeks to create testable predictions about when rules will work better.

Keywords: rules, standards, encryption, data security, privacy, technology, hacking, data spill, breach, mitigate, storage, application, design, efficiency, cost-effectiveness, information

Suggested Citation

Bambauer, Derek E., Rules, Standards, and Geeks (March 22, 2011). Brooklyn Journal of Corporate Finance & Commercial Law, Vol. 5, p. 49, 2011 ; Brooklyn Law School, Legal Studies Paper No. 223. Available at SSRN: https://ssrn.com/abstract=1792824

Derek E. Bambauer (Contact Author)

University of Arizona - James E. Rogers College of Law ( email )

P.O. Box 210176
Tucson, AZ 85721-0176
United States

Paper statistics

Downloads
174
Rank
145,856
Abstract Views
836