Data Vu: Why Breaches Involve the Same Stories Again and Again
Scientific American (July 2022)
GWU Legal Studies Research Paper No. 2023-24
5 Pages Posted: 19 Jan 2023 Last revised: 18 Sep 2023
Date Written: July 26, 2022
Abstract
This short essay discusses why data security law fails to effectively combat data breaches, which continue to increase. With a few exceptions, current laws about data security do not look too far beyond the blast radius of the most data breaches. Only so much marginal benefit can be had by increasing fines to breached entities. Instead, the law should target a broader set of risky actors, such as producers of insecure software and ad networks that facilitate the distribution of malware. Organizations that have breaches almost always could have done better, but there’s only so much marginal benefit from beating them up. Laws could focus on holding other actors more accountable, so responsibility is more aptly distributed.
Keywords: data breach, data security
Suggested Citation: Suggested Citation