A novel account of how the law contributes to the insecurity of our
data and a bold way to rethink it.
Digital connections permeate our lives, and so do data breaches. Given
that we must be online for basic communication, finance, healthcare, and
more, it is alarming how difficult it is to create rules for securing
our personal information. Despite the passage of many data security
laws, data breaches are increasing at a record pace. In Breached!,
Daniel Solove and Woodrow Hartzog, two of the world's leading experts on
privacy and data security, argue that the law fails because, ironically,
it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches,
Solove and Hartzog show how major breaches could have been prevented or
mitigated through a different approach to data security rules. Current
law is counterproductive. It pummels organizations that have suffered a
breach but doesn't address the many other actors that contribute to the
problem: software companies that create vulnerable software, device
companies that make insecure devices, government policymakers who write
regulations that increase security risks, organizations that train
people to engage in risky behaviors, and more.
Although humans are the weakest link for data security, policies and
technologies are often designed with a poor understanding of human
behavior. Breached! corrects this course by focusing on the human side
of security. Drawing from public health theory and a nuanced
understanding of risk, Solove and Hartzog set out a holistic vision for
data security law: one that holds all actors accountable, understands
security broadly and in relationship to privacy, looks to prevention and
mitigation rather than reaction, and works by accepting human
limitations rather than being in denial of them. The book closes with a
roadmap for how we can reboot law and policy surrounding data
security.