Digital Commons Network^™

Understanding Cyber Risk: Unpacking And Responding To Cyber Threats Facing The Public And Private Sectors, Lawrence J. Trautman, Scott Shackelford, Brian Elzweig, Peter Ormerod

University of Miami Law Review

Cyberattacks, data breaches, and ransomware continue to pose major threats to businesses, governments, and health and educational institutions worldwide. Ongoing successful instances of cybercrime involve sophisticated attacks from diverse sources such as organized crime syndicates, actors engaged in industrial espionage, nation-states, and even lone wolf actors having relatively few resources. Technological innovation continues to outpace the ability of U.S. law to keep pace, though other jurisdictions including the European Union have been more proactive. Nation-state and international criminal group ransomware attacks continue; Sony’s systems were hacked by a ransomware group; MGM Resorts disclosed that recovery from their September 2023 hack …

Understanding Cyber Risk: Unpacking And Responding To Cyber Threats Facing The Public And Private Sectors, Lawrence J. Trautman, Scott Shackelford, Brian Elzweig, Peter Ormerod

University of Miami Law Review

Cyberattacks, data breaches, and ransomware continue to pose major threats to businesses, governments, and health and educational institutions worldwide. Ongoing successful instances of cybercrime involve sophisticated attacks from diverse sources such as organized crime syndicates, actors engaged in industrial espionage, nation-states, and even lone wolf actors having relatively few resources. Technological innovation continues to outpace the ability of U.S. law to keep pace, though other jurisdictions including the European Union have been more proactive. Nation-state and international criminal group ransomware attacks continue; Sony’s systems were hacked by a ransomware group; MGM Resorts disclosed that recovery from their September 2023 hack …

National Security And Federalizing Data Privacy Infrastructure For Ai Governance, Margaret Hu, Eliott Behar, Davi Ottenheimer

Faculty Publications

This Essay contends that data infrastructure, when implemented on a national scale, can transform the way we conceptualize artificial intelligence (AI) governance. AI governance is often viewed as necessary for a wide range of strategic goals, including national security. It is widely understood that allowing AI and generative AI to remain self-regulated by the U.S. AI industry poses significant national security risks. Data infrastructure and AI oversight can assist in multiple goals, including: maintaining data privacy and data integrity; increasing cybersecurity; and guarding against information warfare threats. This Essay concludes that conceptualizing data infrastructure as a form of critical infrastructure …

Comparing Gdpr Against The United States’ Approach To Data Breach Notification By Examining Texas And California And The Feasibility Of A Universal Standard, Amrit Nagi

Cybaris®

No abstract provided.

A Collection Of Financial Accounting Case Studies, Madison J. Demus

Honors Theses

The following thesis presents a comprehensive examination of various accounting topics through compilation of case studies. These studies delve into a range of subjects, including an interview with a successful business professional and identifying financial and accounting solutions for Apple, Inc., among others. Dr. Victoria Dickinson supervised and instructed the completion of these studies as part of the curriculum for the Sally McDonnell Barksdale Honors College and Patterson School of Accountancy. Throughout this research, I have been able to explore several areas of interest in accounting, such as the role of financial accounting in decision-making and the implications of tax …

The Future Of China's U.S.-Listed Firms: Legal And Political Perspectives On Possible Decoupling, Rebecca Parry, Qingxiu Bu

William & Mary Business Law Review

There is a long history of Chinese firms raising capital on leading U.S. exchanges. These shares have proved attractive and are estimated at $1 trillion value, in spite of deep mismatches between Chinese internal approaches to corporate governance and those taken under U.S. securities regulations. Chinese listings of nonstate firms, particularly in the technology sector, had depended on a largely laissez-faire initial approach to the expansion through foreign listings, including tolerance of the opaque Variable Interest Entity (VIE) structures adopted as a means to bypass Chinese restrictions on foreign ownership. Concerns regarding data security had, however, prevented compliance by Chinese …

The Importance Of Data Privacy And Security During Emergency Remote Learning, Emma Antobam-Ntekudzi

Publications and Research

The COVID-19 pandemic forever changed the world. The virus’ rapid spread forced federal and local governments to enact quarantine mandates. On March 11, 2020, the Center for Disease Control and Prevention (CDC) (2022) announced COVID-19 as a pandemic. Two days later the United States declared an official nationwide emergency. Institutions were required to shut down and persons deemed non-essential participated in quarantine. Remote working became the standard, thus affecting all aspects of individual lives and institutions, especially education. Primarily in-person universities and colleges across the world scrambled to address the COVID-19 health concerns, comply with local shutdown rules, and attempt …

Comments Of The Cordell Institute For Policy In Medicine & Law At Washington University In St. Louis, Neil Richards, Woodrow Hartzog, Jordan Francis

Faculty Scholarship

The Federal Trade Commission—with its broad, independent grant of authority and statutory mandate to identify and prevent unfair and deceptive trade practices—is uniquely situated to prevent and remedy unfair and deceptive data privacy and data security practices. In an increasingly digitized world, data collection, processing, and transfer have become integral to market interactions. Our personal and commercial experiences are now mediated by powerful, information-intensive firms who hold the power to shape what consumers see, how they interact, which options are available to them, and how they make decisions. That power imbalance exposes consumers and leaves them all vulnerable. We all …

It Outsourcing And Global Sourcing: A Comparative Approach From The Indian, U.K. And German Legal Perspectives, Ulrich Baumer, Mark Webber

Indian Journal of Law and Technology

Businesses today have been able to take advantage of technology in order to use models such as offshoring in order to reduce their costs without a corresponding decline in quality. However, concerns such as data confidentiality and security issues have emphasised the need for businesses to take considerable care when dealing with crossborder transactions, especially since some knowledge of the needs of different jurisdictions is necessary. This article examines the outsourcing model in the context of the information technology industry and looks at the most important clauses and legal issues in such contracts in the light of Indian, English and …

Menstrual And Fertility Tracking Apps And The Post Roe V. Wade Era, Samantha T. Campanella

Undergraduate Student Research Internships Conference

In the first section of the paper, I will place current conversations about data privacy within the broader context of restrictions that have been placed on reproductive rights by examining historical trajectories. Emphasis will be placed on the historical trajectory of how past policies and ideologies have worked against Roe v. Wade, and how this trajectory contributes to a decrease in access to abortions. In addition, recent news stories have documented the overturning of Roe v. Wade in several jurisdictions within the United States, which confirms the criminalization of abortion. In light of this, experts have raised awareness about the …

Data Vu: Why Breaches Involve The Same Stories Again And Again, Woodrow Hartzog, Daniel Solove

Shorter Faculty Works

In the classic comedy Groundhog Day, protagonist Phil, played by Bill Murray, asks “What would you do if you were stuck in one place and every day was exactly the same, and nothing that you did mattered?” In this movie, Phil is stuck reliving the same day over and over, where the events repeat in a continual loop, and nothing he does can stop them. Phil’s predicament sounds a lot like our cruel cycle with data breaches.

Every year, organizations suffer more data spills and attacks, with personal information being exposed and abused at alarming rates. While Phil …

Ransomware 2.0: An Emerging Threat To National Security, Mohiuddin Ahmed, Sascha Dominik Dov Bachmann, Abu Barkat Ullah, Shaun Barnett

Research outputs 2022 to 2026

The global Covid-19 pandemic has seen the rapid evolution of our traditional working environment; more people are working from home and the number of online meetings has increased. This trend has also affected the security sector. Consequently, the evolution of ransomware to what is now being described as ‘Ransomware 2.0’ has governments, businesses and individuals alike rushing to secure their data.

The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes

Washington and Lee Law Review

Criticism of the Chinese Communist Party (CCP) runs a wide gamut. Accusations of human rights abuses, intellectual property theft, authoritarian domestic policies, disrespecting sovereign borders, and propaganda campaigns all have one common factor: the CCP’s desire to control information. Controlling information means controlling data. Lurking beneath the People’s Republic of China’s (PRC) tumultuous relationship with the rest of the world is the fight between nations to control their citizens’ data while also keeping it out of the hands of adversaries. The CCP’s Three Laws are its newest weapon in this data war.

One byproduct of the CCP’s emphasis on controlling …

Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo

Research Collection Yong Pung How School Of Law

In response to the COVID-19 pandemic, governments began implementing various forms of contact tracing technology. Singapore’s implementation of its contact tracing technology, TraceTogether, however, was met with significant concern by its population, with regard to privacy and data security. This concern did not fit with the general perception that Singaporeans have a high level of trust in its government. We explore this disconnect, using responses to our survey (conducted pre-COVID-19) in which we asked participants about their level of concern with the government and business collecting certain categories of personal data. The results show that respondents had less concern with …

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove

Books

Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.

Drawing insights from many fascinating stories about data breaches, Solove and …

How Data Security Concerns Can Hinder Natural Experiment Research: Background And Potential Solutions, Michael F. Pesko

ECON Publications

Health economists conducting cancer-related research often use geocoded data to analyze natural experiments generated by policy changes. These natural experiments can provide causal interpretation under certain conditions. Despite public health benefit of this rigorous natural experiment methodology, data providers are often reluctant to provide geocoded data due to confidentiality concerns. In this paper, I provide an example of the value of natural experiments from e-cigarette research and show how this research was hindered by security concerns. While the tension between data access and security will not be resolved overnight, I offer two recommendations: 1) provide public access to aggregated data …

An Overview Of Privacy Law In 2022, Daniel J. Solove, Paul M. Schwartz

GW Law Faculty Publications & Other Works

Chapter 1 of PRIVACY LAW FUNDAMENTALS (6th edition, IAPP 2022) provides an overview of information privacy law circa 2022. The chapter summarizes the common themes in privacy laws and discusses the various types of laws (federal, constitutional, state, international). It contains a list and brief summary of the most significant U.S. federal privacy laws. The heart of the chapter is an historical timeline of major developments in the law of privacy and data security, including key cases, enactments of laws, major regulatory developments, influential publications, and other significant events. The chapter also contains a curated list of important treatises and …

Breached! Why Data Security Law Fails And How To Improve It (Chapter 1), Daniel J. Solove, Woodrow Hartzog

GW Law Faculty Publications & Other Works

Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.

Drawing insights from many fascinating stories about data breaches, Solove and …

Performance Evaluation Of An Edge Computing Implementation Of Hyperledger Sawtooth For Iot Data Security, Sean Connolly

Dissertations

Blockchain offers a potential solution to some of the security challenges faced by the internet-of-things (IoT) by using its practically immutable ledger to store data transactions. However, past applications of blockchain in IoT encountered limitations in the rate at which transactions were committed to the chain as new blocks. These limitations were often the result of the time-consuming and computationally expensive consensus mechanisms found in public blockchains. Hyperledger Sawtooth is an open-source private blockchain platform that offers an efficient proof-of-elapsed-time (PoET) consensus mechanism. Sawtooth has performed well in benchmarks against other blockchains. However, a performance evaluation for a practical application …

Data Vu: Why Breaches Involve The Same Stories Again And Again, Daniel J. Solove

GW Law Faculty Publications & Other Works

This short essay discusses why data security law fails to effectively combat data breaches, which continue to increase. With a few exceptions, current laws about data security do not look too far beyond the blast radius of the most data breaches. Only so much marginal benefit can be had by increasing fines to breached entities. Instead, the law should target a broader set of risky actors, such as producers of insecure software and ad networks that facilitate the distribution of malware. Organizations that have breaches almost always could have done better, but there’s only so much marginal benefit from beating …

Individuals As Gatekeepers Against Data Misuse, Ying Hu

Michigan Technology Law Review

This article makes a case for treating individual data subjects as gatekeepers against misuse of personal data. Imposing gatekeeper responsibility on individuals is most useful where (a) the primary wrongdoers engage in data misuse intentionally or recklessly; (b) misuse of personal data is likely to lead to serious harm; and (c) one or more individuals are able to detect and prevent data misuse at a reasonable cost.

As gatekeepers, individuals should have a legal duty to take reasonable measures to prevent data misuse where they are aware of facts indicating that the person seeking personal data from them is highly …

Covid-19 One Year On: Security And Privacy Review Of Contact Tracing Mobile Apps, Wei Yang Ang, Lwin Khin Shar

Research Collection School Of Computing and Information Systems

The ongoing COVID-19 pandemic caused 3.8 million deaths since December 2019. At the current vaccination pace, this global pandemic could persist for several years. Throughout the world, contact tracing (CT) apps were developed, which play a significant role in mitigating the spread of COVID-19. This work examines the current state of security and privacy landscape of mobile CT apps. Our work is the first attempt, to our knowledge, which provides a comprehensive analysis of 70 CT apps used worldwide as of year Q1 2021. Among other findings, we observed that 80% of them may have handled sensitive data without adequate …

“Smart” Lawyering: Integrating Technology Competence Into The Legal Practice Curriculum, Dyane L. O'Leary

The University of New Hampshire Law Review

Technology has changed modern law practice. Ethics rules obligate lawyers to understand whether, when, and how to use it to deliver services. But most law schools do not incorporate the so-called “Duty of Technology Competence” into the required curriculum. Despite broad calls for legal education to make students more practice-ready, there is no clear path forward for how to weave this valuable professional skill into coursework for all students. This Article supplies one.

The legal practice course should pair technology competence with traditional legal writing and research work. Lawyers do not draft memos or perform legal research or manage caseloads …

Smart Cities And Sustainability: A New Challenge To Accountability?, Iria Giuffrida

William & Mary Environmental Law and Policy Review

From 1800 to today, the global population has shifted from only three percent living in an urban environment to well over fifty percent in 2020. As a result of urbanization, cities around the world struggle to manage traffic and waste, efficiently distribute utilities, and lower pollution to slow the progression of global warming. Smart city technologies have emerged as a tool to process cities’ various forms of data collected through networks of precisely placed sensors and map solutions to many of the environmental and social issues created by urbanization. For swelling metropolitan areas in the United States, China, and Europe …

Analyzing The Effectiveness Of Legal Regulations And Social Consequences For Securing Data, Howard B. Goodman

Masters Theses & Doctoral Dissertations

There is a wide range of concerns and challenges related to stored data security – which range from privacy and management to operations readiness, These challenges span from financial to personal and public impact. With an abundance of regulations for the enforcement of data security and emerging requirements proposed every year, organizations cannot avoid the legal or social implications of inadequate data protection. Today, public spotlight and awareness are challenging organizations to enhance how data is protected more than at any other time. For this reason, organizations have made significant efforts to improve security.

When looking at precautions or changes, …

A Brief Bibliometric Analysis And Visualisation Of Scopus And Wos Databases On Blockchain Technology In Healthcare Domain, Shailaja Pede, Madan Lal Saini

Library Philosophy and Practice (e-journal)

Background: The aim of this study is to analyse the work carried out in healthcare or medical domain using blockchain technology for privacy and security of patient’s data, their healthcare records. The documents published in Scopus and Web of Science databases during the year 2016 to present (February 2021) have been considered for survey.

Methods:

Scopus and Web of Science(WoS), most popular databases are used to retrieve documents which were published between years 2016 to present. Scopus analyser and web of Science analyser are used for analysis of various parameters such as documents published per year, sources of documents, number …

Big Data: Ethics, Resources, And Potential Collaboration, Matthew Zook

Geography Presentations

This presentation goes over 10 simple rules for responsible big data research.

Protection Of Data In Armed Conflict, Robin Geiss, Henning Lahmann

International Law Studies

This article presents a novel way to conceptualize the protection of data in situations of armed conflict. Although the question of the targeting of data through adversarial military cyber operations and its implications for the qualification of such conduct under International Humanitarian Law has been on scholars’ and states’ radar for the last few years, there remain a number of misunderstandings as to how to think about the notion of “data.” Based on a number of fictional scenarios, the article clarifies the pertinent terminology and makes some expedient distinctions between various types of data. It then analyzes how existing international …

Hipaa-Phobia Hampers Efforts To Track And Contain Covid-19, Lee Hiromoto M.D., J.D.

SLU Law Journal Online

The Health Insurance Portability and Accountability Act (HIPAA), enacted by the US Congress 1996, laudably protects medical privacy in healthcare settings. However, this federal law has created a culture of fear that limits current efforts to address the COVID-19 pandemic. Healthcare providers, who are covered by HIPAA, may be reluctant to disclose information about outbreak clusters for fear of violating the law. Healthcare organizations, who are also covered by the law, still rely on fax machines to avoid violating HIPAA’s data security requirements. And the scrupulous rule-following in healthcare has given independent life to a HIPAA boogeyman. Thus, officials who …