For the past two decades, there has been an epidemic of data breaches, from Target, to Home Depot, to Equifax, to Uber, just to name a few. In their new book, “Breached! Why Data Security Law Fails and How to Improve It,” Daniel Solove, the John Marshall Harlan Research Professor of Law at the George Washington University Law School, and Woodrow Hartzog, Professor of Law and Computer Science at Northeastern University, tell us why current data security law fails and how we can improve it.
Stephanie Pell spoke with Dan and Woody about a number of issues they raise in their book, including how current data security law overemphasizes the conduct of breached entities and fails to distribute responsibility among a range of actors in the data ecosystem that contributes to the data breach. They also talked about their ideas for more proactive data security laws that work to reduce the harm caused by data breaches once they occur, encourage greater integration of privacy and security principles, and promote data security rules and practices designed with humans in mind.