Information Privacy and Data Security

Lauren Henry Scholz

Harvard Law School; Yale University - Information Society Project

June 3, 2015

Cardozo Law Review de Novo, 2015

Legal academic and policy discourse generally presumes that information privacy and data security are interchangeable goals. The conventional wisdom is that data security is a handmaiden of information privacy, and so what serves data security will serve information privacy. However, this view is an oversimplification of the relationship between the two fields. This Essay aids law and policy development in both fields by correctly defining their relationship to one another. Data security has separate objectives from information privacy that can be agnostic or even in opposition to information privacy. The law should acknowledge information privacy and data security as separate institutional objectives to prevent undesirable — or at least unpredictable — results in edge cases in which data security’s objectives run counter to those of information privacy.

Number of Pages in PDF File: 12

Keywords: cybersecurity, data security, data breach, security breach, breach notification, privacy, regulation, consumer protection, chief privacy officers, Federal Trade Commission, data protection, new governance, organizational fields, professionalization

Open PDF in Browser Download This Paper

Date posted: April 30, 2015 ; Last revised: October 24, 2015

Suggested Citation

Scholz, Lauren Henry, Information Privacy and Data Security (June 3, 2015). Cardozo Law Review de Novo, 2015. Available at SSRN: https://ssrn.com/abstract=2600495

Contact Information

Lauren Henry Scholz (Contact Author)
Harvard Law School ( email )
1575 Massachusetts
Hauser 406
Cambridge, MA 02138
United States

Yale University - Information Society Project ( email )
P.O. Box 208215
New Haven, CT 06520-8215
United States
Feedback to SSRN

Paper statistics
Abstract Views: 1,186
Downloads: 177
Download Rank: 134,492