Unifying Privacy and Data Security

Chapter 7 of BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022)

36 Pages Posted: 3 Aug 2022

See all articles by Daniel J. Solove

Daniel J. Solove

George Washington University Law School

Woodrow Hartzog

Boston University School of Law; Stanford Law School Center for Internet and Society

Date Written: July 27, 2022

Abstract

This book chapter discusses the relationship between privacy and data security. Privacy is a key and underappreciated aspect of data security. Right now, there is a schism between privacy and security in companies. Privacy functions are commonly addressed by the compliance and legal departments, while security is handled by the information technology department. The two areas are commonly split apart and rarely speak to each other.

The chapter argues that we should bridge data security and privacy and make them go hand-in-hand in both law and policy. Strong privacy rules help create accountability for the collection, use, and dissemination of personal information and can reduce vulnerabilities and risk by minimizing the use and retention of personal information. Good privacy strengthens security. The chapter specifically focuses on the importance of data minimization and data mapping as privacy practices that have tremendous benefits for data security.

This piece is Chapter 7 of Daniel J. Solove and Woodrow Hartzog's book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022). In the book, Professors Solove and Hartzog explore the shortcomings of data security law. They argue that the law fails because, ironically, it focuses too much on the breach itself.

Keywords: data security, cybersecurity, data breach, privacy, relationship between privacy and security, data minimization, data mapping

Suggested Citation

Solove, Daniel J. and Hartzog, Woodrow, Unifying Privacy and Data Security (July 27, 2022). Chapter 7 of BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Available at SSRN: https://ssrn.com/abstract=4173764

Daniel J. Solove (Contact Author)

George Washington University Law School ( email )

2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)

HOME PAGE: http://danielsolove.com

Woodrow Hartzog

Boston University School of Law ( email )

765 Commonwealth Avenue
Boston, MA 02215
United States

HOME PAGE: http://https://www.bu.edu/law/profile/woodrow-hartzog/

Stanford Law School Center for Internet and Society ( email )

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
32
Abstract Views
100
PlumX Metrics