It’s so hard to keep up with news these days, so in case you missed these developments:
- Public Health Agency of Canada didn’t act transparently when it proposed to access, then eventually viewed, Canadians’ mobility data, the House of Commons’ Ethics committee heard in February. Read more at iPolitics.
- Yahoo shutters email service in China. Read more at The Register.
You can find these and more on Joe Cadillic’s MassPrivateI post for March 7.
And…. NEW!!!!!!! (Yes, I’m Excited!)
Breached!: Why Data Security Law Fails and How to Improve it is available now. It’s by privacy law scholars Daniel Solove and Woodrow Hartzog. Solove and Hartzog have studied and written about privacy laws and breaches for years now, and their book provides a unique perspective on why our system is broken and how to fix it. From the Abstract of their book, as posted on SSRN:
Abstract
Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented or mitigated through better rules and often inexpensive, non-cumbersome means. They also reveal why the current law is counterproductive. It pummels organizations that have suffered a breach but doesn’t recognize how others contribute to the breach. These outside actors include software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more.
Although humans are the weakest link for data security, the law remains oblivious to the fact that policies and technologies are often designed with a poor understanding of human behavior. BREACHED! sets forth a holistic vision for data security law—one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention and mitigation rather than reaction, and is designed with people in mind. The book closes with a roadmap for how we can reboot law and policy surrounding data security.
Want to test-drive the book? The authors have made the first chapter freely available via SSRN. Download it here.
Want to order the book? It’s published by Oxford University Press. It is also available on Amazon.com.
Hi. Link to SSRN is broken (refers to local storage C:/).
Ah.. I was undercaffeinated again, it seems. Thank you — I hope I have fixed it now.