Open Access. Powered by Scholars. Published by Universities.®
- Discipline
-
- Privacy Law (20)
- Consumer Protection Law (16)
- Internet Law (14)
- Computer Law (11)
- Communications Law (7)
-
- Science and Technology Law (7)
- Computer Sciences (5)
- Information Security (5)
- Physical Sciences and Mathematics (5)
- Administrative Law (4)
- Intellectual Property Law (4)
- Law and Society (4)
- Constitutional Law (3)
- Courts (3)
- Health Law and Policy (3)
- International Law (3)
- Litigation (3)
- Banking and Finance Law (2)
- Business (2)
- Business Organizations Law (2)
- Commercial Law (2)
- Criminal Law (2)
- Databases and Information Systems (2)
- Jurisprudence (2)
- National Security Law (2)
- Social and Behavioral Sciences (2)
- State and Local Government Law (2)
- Supreme Court of the United States (2)
- Air and Space Law (1)
- Institution
-
- George Washington University Law School (4)
- Boston University School of Law (3)
- Loyola Marymount University and Loyola Law School (3)
- University of Colorado Law School (3)
- Maurer School of Law: Indiana University (2)
-
- Roger Williams University (2)
- St. John's University School of Law (2)
- University of Pittsburgh School of Law (2)
- Chicago-Kent College of Law (1)
- Cleveland State University (1)
- Florida International University College of Law (1)
- Fordham Law School (1)
- Marquette University Law School (1)
- New York Law School (1)
- Northern Illinois University (1)
- Penn State Law (1)
- Pepperdine University (1)
- SJ Quinney College of Law, University of Utah (1)
- Schulich School of Law, Dalhousie University (1)
- SelectedWorks (1)
- Southern Methodist University (1)
- St. Mary's University (1)
- The Catholic University of America, Columbus School of Law (1)
- University of Cincinnati College of Law (1)
- University of Georgia School of Law (1)
- University of Maryland Francis King Carey School of Law (1)
- University of Michigan Law School (1)
- University of New Hampshire (1)
- University of Pennsylvania Carey Law School (1)
- University of Richmond (1)
- Publication Year
- Publication
-
- GW Law Faculty Publications & Other Works (4)
- Loyola of Los Angeles Law Review (3)
- Publications (3)
- All Faculty Scholarship (2)
- Articles (2)
-
- Faculty Scholarship (2)
- St. John's Law Review (2)
- Articles by Maurer Faculty (1)
- Books (1)
- Canadian Journal of Law and Technology (1)
- Catholic University Law Review (1)
- FIU Law Review (1)
- Faculty Articles and Other Publications (1)
- Fordham Intellectual Property, Media and Entertainment Law Journal (1)
- Georgia Law Review (1)
- Homeland Security Publications (1)
- Honors Theses and Capstones (1)
- Indiana Law Journal (1)
- Journal Articles (1)
- Journal of Law and Health (1)
- Law School Blogs (1)
- Life of the Law School (1993- ) (1)
- Marquette Intellectual Property & Innovation Law Review (1)
- Michigan Law Review (1)
- NYLS Law Review (1)
- Northern Illinois University Law Review (1)
- Richmond Journal of Law & Technology (1)
- SMU Law Review (1)
- San Diego International Law Journal (1)
- Shorter Faculty Works (1)
- Publication Type
Articles 1 - 30 of 46
Full-Text Articles in Law
Redefining The Injury-In-Fact: Treating Personally Identifying Information As Bailed Property, Austin Headrick
Redefining The Injury-In-Fact: Treating Personally Identifying Information As Bailed Property, Austin Headrick
Georgia Law Review
There is a long-existing circuit split among federal courts of appeals as to whether an individual has standing under Article III of the United States Constitution when their personally identifying information (PII) is stolen from an entity to which they entrusted it such as a hospital or bank. Federal courts disagree as to whether an individual whose PII has been stolen—without more—has suffered an injury-in-fact, a necessary element of standing. The disagreement between the courts centers on whether the injury-in-fact has already occurred at the time the PII is stolen or whether the injury occurs once the PII has been …
The Need For Cyber Resilience Of Space Assets: Law And Policy Considerations Of Ensuring Cybersecurity In Outer Space, Daniella Febbraro
The Need For Cyber Resilience Of Space Assets: Law And Policy Considerations Of Ensuring Cybersecurity In Outer Space, Daniella Febbraro
Canadian Journal of Law and Technology
In 2018, NASA’s Jet Propulsion Laboratory was the subject of a data breach where over 500 megabytes of data from a major mission system was stolen by hackers. This attack affected NASA’s Deep Space Network, prompting the United States Johnson Space Center to disconnect the International Space Station from the affected gateway due to fears that mission systems could become compromised. NASA has acknowledged that its vast online presence, which includes thousands of publicly accessible datasets, offers a large potential target for cybercriminals. The 2018 incident was one of many, with NASA experiencing more than 6000 cyberattacks from 2017-2021 alone. …
Cyberattacks: An Underlying Condition Exacerbated By The Covid-19 Pandemic, Kaitlyn Palmeter
Cyberattacks: An Underlying Condition Exacerbated By The Covid-19 Pandemic, Kaitlyn Palmeter
The Journal of Business, Entrepreneurship & the Law
COVID-19 continues to change the world in unforeseen ways triggering a new era of corporate data breaches. This article will illustrate how cyberattacks have increased in severity during the pandemic, how current laws and government officials are trying to evolve with the current threats and technology, how victims of cyberattacks risk sanctions and potential lawsuits, and concludes by suggesting solutions throughout to increase Cybersecurity.
Data Vu: Why Breaches Involve The Same Stories Again And Again, Woodrow Hartzog, Daniel Solove
Data Vu: Why Breaches Involve The Same Stories Again And Again, Woodrow Hartzog, Daniel Solove
Shorter Faculty Works
In the classic comedy Groundhog Day, protagonist Phil, played by Bill Murray, asks “What would you do if you were stuck in one place and every day was exactly the same, and nothing that you did mattered?” In this movie, Phil is stuck reliving the same day over and over, where the events repeat in a continual loop, and nothing he does can stop them. Phil’s predicament sounds a lot like our cruel cycle with data breaches.
Every year, organizations suffer more data spills and attacks, with personal information being exposed and abused at alarming rates. While Phil …
Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa
Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa
The Scholar: St. Mary's Law Review on Race and Social Justice
Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …
Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove
Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove
Books
Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches, Solove and …
Patching The Data Security Blanket: How A Stronger, Collaborative Ftc Is The Answer Right Under Our Nose, Jose A. Gonzalez Lopez
Patching The Data Security Blanket: How A Stronger, Collaborative Ftc Is The Answer Right Under Our Nose, Jose A. Gonzalez Lopez
Marquette Intellectual Property & Innovation Law Review
None
Breached! Why Data Security Law Fails And How To Improve It (Chapter 1), Daniel J. Solove, Woodrow Hartzog
Breached! Why Data Security Law Fails And How To Improve It (Chapter 1), Daniel J. Solove, Woodrow Hartzog
GW Law Faculty Publications & Other Works
Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches, Solove and …
Data Vu: Why Breaches Involve The Same Stories Again And Again, Daniel J. Solove
Data Vu: Why Breaches Involve The Same Stories Again And Again, Daniel J. Solove
GW Law Faculty Publications & Other Works
This short essay discusses why data security law fails to effectively combat data breaches, which continue to increase. With a few exceptions, current laws about data security do not look too far beyond the blast radius of the most data breaches. Only so much marginal benefit can be had by increasing fines to breached entities. Instead, the law should target a broader set of risky actors, such as producers of insecure software and ad networks that facilitate the distribution of malware. Organizations that have breaches almost always could have done better, but there’s only so much marginal benefit from beating …
An Overview Of Privacy Law In 2022, Daniel J. Solove, Paul M. Schwartz
An Overview Of Privacy Law In 2022, Daniel J. Solove, Paul M. Schwartz
GW Law Faculty Publications & Other Works
Chapter 1 of PRIVACY LAW FUNDAMENTALS (6th edition, IAPP 2022) provides an overview of information privacy law circa 2022. The chapter summarizes the common themes in privacy laws and discusses the various types of laws (federal, constitutional, state, international). It contains a list and brief summary of the most significant U.S. federal privacy laws. The heart of the chapter is an historical timeline of major developments in the law of privacy and data security, including key cases, enactments of laws, major regulatory developments, influential publications, and other significant events. The chapter also contains a curated list of important treatises and …
Five Approaches To Insuring Cyber Risks, Christopher C. French
Five Approaches To Insuring Cyber Risks, Christopher C. French
Journal Articles
Cyber risks are some of the most dangerous risks of the twenty-first century. Many types of businesses, including retail stores, healthcare entities, and financial institutions, as well as government entities, are the targets of cyber attacks. The simple reality is that no computer security system is completely safe. They all can be breached if the hackers are skilled enough and determined. Consequently, the worldwide damages caused by cyber attacks are predicted to reach $10.5 trillion by 2025. Insuring such risks is a monumental task.
The cyber insurance market currently is fragmented with hundreds of insurers selling their own cyber risk …
Circuit Courts Split: Victim Of A Data Breach? Can You “Stand” And Sue In Federal Court?, Darlyn De La Rosa
Circuit Courts Split: Victim Of A Data Breach? Can You “Stand” And Sue In Federal Court?, Darlyn De La Rosa
FIU Law Review
No abstract provided.
Symposium: The California Consumer Privacy Act, Margot Kaminski, Jacob Snow, Felix Wu, Justin Hughes
Symposium: The California Consumer Privacy Act, Margot Kaminski, Jacob Snow, Felix Wu, Justin Hughes
Loyola of Los Angeles Law Review
Loyola of Los Angeles Law Review is pleased to publish the third “symposium discussion” series in which leading experts are invited to engage in an evening symposium on a new or emerging area of law. The subject of our second evening symposium was the California Consumer Privacy Act (CCPA), a statute signed into state law by then- Governor Jerry Brown on June 28, 2018 and effective as of January 1, 2020.
As with most new law, there are many unsettled issues, disagreements about the likely impact of the law, and much to be developed as regulations are established and the …
Forging A Path Towards Meaningful Digital Privacy: Data Monetization And The Ccpa, Rebecca Harris
Forging A Path Towards Meaningful Digital Privacy: Data Monetization And The Ccpa, Rebecca Harris
Loyola of Los Angeles Law Review
The California Consumer Privacy Act (CCPA) was passed in response to a number of newsworthy data breaches with widespread impacts, and which revealed how little digital privacy consumers actually have. Despite the large market for consumer data, individual consumers generally do not earn money when their personal data are sold. Further, consumers have very little control over who collects their data, what information is collected, and with whom it is shared. To place control back in the hands of the consumer, affirmative consent should be required to collect and sell consumer’s data, and consumers should have the ability to sell …
Untangling The Privacy Law Web: Why The California Consumer Privacy Act Furthers The Need For Federal Preemptive Legislation, Jordan Yallen
Untangling The Privacy Law Web: Why The California Consumer Privacy Act Furthers The Need For Federal Preemptive Legislation, Jordan Yallen
Loyola of Los Angeles Law Review
No abstract provided.
The (Possibly) Injured Consumer: Standing In Data Breach Litigation, Lauren M. Lozada
The (Possibly) Injured Consumer: Standing In Data Breach Litigation, Lauren M. Lozada
St. John's Law Review
(Excerpt)
This Note will address the question of what factors a prospective plaintiff must display to “push [a] threatened injury of future identity theft beyond the speculative to the sufficiently imminent.” Part I will delve into relevant statistics to identify the characteristics of a data breach that most often lead to eventual identity theft. Part II will explore recent data breach standing cases and analyze the factual differences and legal perspectives that have led to disparate results among the federal circuits. Lastly, Part III will recommend a method for evaluating future data breach standing issues.
Legislative And Regulatory Obligations On Corporate Attorneys: Production Data In The World Of Sarbanes Oxley And General Data Protections, David Tersteeg
Legislative And Regulatory Obligations On Corporate Attorneys: Production Data In The World Of Sarbanes Oxley And General Data Protections, David Tersteeg
Northern Illinois University Law Review
Sarbanes Oxley, General Data Protection Regulation, and the American Bar Association's Model Rules place significant professional and personal obligations on attorneys who represent organizations in regard to their organization's handling of production and personal data. There are significant areas of vulnerability to the production and personal data that are frequently overlooked or ignored which significantly increase the likelihood and damage from a data breach. This article will provide an overview of the obligations, recent data breaches, the foreseeability and material impacts of data breaches, and a methodology to drive improvement in an organization.
The Path To Standing: Asserting The Inherent Injury Of The Data Breach, Jennifer M. Joslin
The Path To Standing: Asserting The Inherent Injury Of The Data Breach, Jennifer M. Joslin
Utah Law Review
Data breaches are on the rise as consumers continue to exchange personally identifiable information for goods and services in sectors from retail to healthcare. In the aftermath of a data breach, it has been difficult for victims of the breach to establish Article III standing to sue in federal courts. The primary hurdle for those seeking a remedy for the theft of their data has been showing that they have suffered an injury-in-fact. Plaintiffs typically assert an injury based on the increased risk of identity theft following a breach. However, courts have divided on whether such an injury satisfies the …
Protecting Personal Data: A Model Data Security And Breach Notifications Statute, Michael Bloom
Protecting Personal Data: A Model Data Security And Breach Notifications Statute, Michael Bloom
St. John's Law Review
(Excerpt)
This Note argues that current law is inadequate to protect consumers in light of the prevalence and severity of data breaches in recent years, and that a unifying federal legislation combining portions of state law and the DSBNA should be enacted. Part I of this Note analyzes the DSBNA for notification requirements when data breaches occur, the requirements for the implementation of security policies, regulatory mechanisms for monitoring compliance with these requirements, and criminal penalties for failing to comply. Part II summarizes the various state laws that exist for notification of data breaches. Part III proposes a model federal …
Chambliss V. Carefirst, Inc., Sarah Fucci
Consumer Protection—Exploring Private Causes Of Action For Victims Of Data Breaches, Justin H. Dion, Nicholas M. Smith
Consumer Protection—Exploring Private Causes Of Action For Victims Of Data Breaches, Justin H. Dion, Nicholas M. Smith
Faculty Scholarship
Data breaches are becoming a norm in modern life. Every year it seems that bigger and bigger attacks are launched, and more and more individuals are harmed. The law has responded by increasing states’ ability to prosecute cybercriminals. A glaring hole exists in this protection though. The state is largely an unharmed party. The real harm is done to individual citizens affected by the breaches. Their data is compromised, their identities are stolen, and their livelihoods are placed at risk. This Article will analyze the issue and propose a solution for increased consumer protection in addition to the current criminal …
Data Disparity: Tiered Pricing As An Alternative To Consumer Iot Data Privacy Regulations, Matthew Lostocco
Data Disparity: Tiered Pricing As An Alternative To Consumer Iot Data Privacy Regulations, Matthew Lostocco
Honors Theses and Capstones
In recent years, Internet of Things (IoT) devices have exploded on the consumer scene. These emerging products bring new technological capabilities into our everyday lives. IoT is projected to contribute anywhere from $4-11 trillion to the global economy and companies are investing billions of dollars into the technology. However, with the vast amount of data that IoT devices collect, consumers are burdening the risk of having their personal data breached or sold to third parties. This paper first identifies why consumers may be weary or willing towards providing their personal data and how unconscious biases in the purchasing process cause …
Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera
Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera
Fordham Intellectual Property, Media and Entertainment Law Journal
As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security …
What's The Big Hurry? The Urgency Of Data Breach Notification, Ellen Cornelius
What's The Big Hurry? The Urgency Of Data Breach Notification, Ellen Cornelius
Homeland Security Publications
No abstract provided.
How Much Should We Spend To Protect Privacy?: Data Breaches And The Need For Information We Do Not Have, Richard Warner, Robert Sloan
How Much Should We Spend To Protect Privacy?: Data Breaches And The Need For Information We Do Not Have, Richard Warner, Robert Sloan
All Faculty Scholarship
A cost/benefit approach to privacy confronts two tradeoff issues. One is making appropriate tradeoffs between privacy and many goals served by the collection, distribution, and use of information. The other is making tradeoffs between investments in preventing unauthorized access to information and the variety of other goals that also make money, time, and effort demands. Much has been written about the first tradeoff. We focus on the second. The issue is critical. Data breaches occur at the rate of over three a day, and the aggregate social cost is extremely high. The puzzle is that security experts have long explained …
That Was Close! Reward Reporting Of Cybersecurity “Near Misses”, Jonathan Bair, Steven M. Bellovin, Andrew Manley, Blake Reid, Adam Shostak
That Was Close! Reward Reporting Of Cybersecurity “Near Misses”, Jonathan Bair, Steven M. Bellovin, Andrew Manley, Blake Reid, Adam Shostak
Publications
Building, deploying, and maintaining systems with sufficient cybersecurity is challenging. Faster improvement would be valuable to society as a whole. Are we doing as much as we can to improve? We examine robust and long-standing systems for learning from near misses in aviation, and propose the creation of a Cyber Safety Reporting System (CSRS).
To support this argument, we examine the liability concerns which inhibit learning, including both civil and regulatory liability. We look to the way in which cybersecurity engineering and science is done today, and propose that a small amount of ‘policy entrepreneurship’ could have substantial positive impact. …
Cancelled Credit Cards: Substantial Risk Of Future Injury As A Basis For Standing In Data Breach Cases, Jennifer Wilt
Cancelled Credit Cards: Substantial Risk Of Future Injury As A Basis For Standing In Data Breach Cases, Jennifer Wilt
SMU Law Review
No abstract provided.
Who Are The Real Cyberbullies: Hackers Or The Ftc? The Fairness Of The Ftc’S Authority In The Data Security Context, Jaclyn K. Haughom
Who Are The Real Cyberbullies: Hackers Or The Ftc? The Fairness Of The Ftc’S Authority In The Data Security Context, Jaclyn K. Haughom
Catholic University Law Review
As technology continues to be an integral part of daily life, there lies an ever-increasing threat of the personally identifiable information of consumers being lost, stolen, or accessed without authorization. The Federal Trade Commission (FTC) is the U.S. government’s primary consumer protection agency and the country’s lead enforcer against companies subject to data breaches. Although the FTC lacks explicit statutory authority to enforce against data breaches, the Commission has successfully relied on Section 5 of the FTC Act (FTCA) to exercise its consumer protection power in the data security context. However, as the FTC continues to take action against businesses …
Health Information Equity, Craig Konnoth
Health Information Equity, Craig Konnoth
Publications
In the last few years, numerous Americans’ health information has been collected and used for follow-on, secondary research. This research studies correlations between medical conditions, genetic or behavioral profiles, and treatments, to customize medical care to specific individuals. Recent federal legislation and regulations make it easier to collect and use the data of the low-income, unwell, and elderly for this purpose. This would impose disproportionate security and autonomy burdens on these individuals. Those who are well-off and pay out of pocket could effectively exempt their data from the publicly available information pot. This presents a problem which modern research ethics …
Cybersecurity Stovepiping, David Thaw
Cybersecurity Stovepiping, David Thaw
Articles
Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.
This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …