Cybersecurity for Idiots

106 Minnesota Law Review Headnotes __ (2021 Forthcoming)

Arizona Legal Studies Discussion Paper No. 21-04

29 Pages Posted: 19 Mar 2021

See all articles by Derek E. Bambauer

Derek E. Bambauer

University of Arizona - James E. Rogers College of Law

Date Written: March 18, 2021

Abstract

Cybersecurity remains a critical issue facing regulators, particularly with the advent of the Internet of Things. General-purpose security regulators such as the Federal Trade Commission continually struggle with limited resources and information in their oversight. This Essay contends that a new approach to cybersecurity modeled on the negligence per se doctrine in tort law will significantly improve cybersecurity and reduce regulatory burdens. It introduces a taxonomy of regulators based upon the scope of their oversight and the pace of technological change in industries within their purview. Then, the Essay describes negligence per se for cybersecurity, which establishes a floor for security precautions that draws upon extant security standards. By focusing on the worst offenders, this framework improves notice to regulated entities, reduces information asymmetries, and traverses objections from legal scholars about the cost and efficacy of cybersecurity mandates. The Essay concludes by offering an emerging case study for its approach: regulation of quasi-medical devices by the Food and Drug Administration. As consumer devices increasingly offer functionality for both medical and non-medical purposes, the FDA will partly transition to a general-purpose regulator of information technology, and the negligence per se model can help the agency balance security precautions with promoting innovation.

Keywords: Cybersecurity, Internet of Things, cyberlaw, Federal Trade Commission, Food and Drug Administration, medical devices, tort, negligence per se, security, regulators, passwords, Internet, hacking, data breach, HIPAA, health care

Suggested Citation

Bambauer, Derek E., Cybersecurity for Idiots (March 18, 2021). 106 Minnesota Law Review Headnotes __ (2021 Forthcoming), Arizona Legal Studies Discussion Paper No. 21-04, Available at SSRN: https://ssrn.com/abstract=3807529

Derek E. Bambauer (Contact Author)

University of Arizona - James E. Rogers College of Law ( email )

P.O. Box 210176
Tucson, AZ 85721-0176
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
83
Abstract Views
438
rank
357,670
PlumX Metrics