Breached! Why Data Security Law Fails and How to Improve It (Chapter 1)

23 Pages. Posted: 3 Mar 2022. Last revised: 22 Jun 2022

Daniel J. Solove

George Washington University Law School

Woodrow Hartzog

Northeastern University School of Law and Khoury College of Computer Sciences; Center for Law, Information and Creativity (CLIC); Stanford Law School Center for Internet and Society

Date Written: March 1, 2022

Abstract

Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.

Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented or mitigated through better rules and often inexpensive, non-cumbersome means. They also reveal why the current law is counterproductive. It pummels organizations that have suffered a breach but doesn’t recognize how others contribute to the breach. These outside actors include software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more.

Although humans are the weakest link for data security, the law remains oblivious to the fact that policies and technologies are often designed with a poor understanding of human behavior. BREACHED! sets forth a holistic vision for data security law—one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention and mitigation rather than reaction, and is designed with people in mind. The book closes with a roadmap for how we can reboot law and policy surrounding data security.

Chapter 1 - Introduction: Chronicle of a Breach Foretold is available for download. The chapter tells the story of the Target breach and the lessons that can be learned from it about the shortcomings of data security law.

Keywords: data security, cybersecurity, data breach, privacy, breach notification, identity theft, security by design

Suggested Citation

Solove, Daniel J. and Hartzog, Woodrow, Breached! Why Data Security Law Fails and How to Improve It (Chapter 1) (March 1, 2022). Oxford University Press (2022), GWU Legal Studies Research Paper No. 2022-24, GWU Law School Public Law Research Paper No. 2022-24, Available at SSRN: https://ssrn.com/abstract=4043111

Daniel J. Solove (Contact Author)

George Washington University Law School

2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)

HOME PAGE: http://danielsolove.com

Woodrow Hartzog

Northeastern University School of Law and Khoury College of Computer Sciences

416 Huntington Avenue
Boston, MA 02115
United States

HOME PAGE: https://www.northeastern.edu/law/faculty/directory/hartzog.html

Center for Law, Information and Creativity (CLIC)

416 Huntington Avenue
Boston, MA 02115
United States

Stanford Law School Center for Internet and Society

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog
