Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Open Access. Powered by Scholars. Published by Universities.®

Data security

Discipline
Institution
Publication Year
Publication
Publication Type
File Type

Articles 1 - 30 of 79

Full-Text Articles in Law

Comments Of The Cordell Institute For Policy In Medicine & Law At Washington University In St. Louis, Neil Richards, Woodrow Hartzog, Jordan Francis Nov 2022

Comments Of The Cordell Institute For Policy In Medicine & Law At Washington University In St. Louis, Neil Richards, Woodrow Hartzog, Jordan Francis

Faculty Scholarship

The Federal Trade Commission—with its broad, independent grant of authority and statutory mandate to identify and prevent unfair and deceptive trade practices—is uniquely situated to prevent and remedy unfair and deceptive data privacy and data security practices. In an increasingly digitized world, data collection, processing, and transfer have become integral to market interactions. Our personal and commercial experiences are now mediated by powerful, information-intensive firms who hold the power to shape what consumers see, how they interact, which options are available to them, and how they make decisions. That power imbalance exposes consumers and leaves them all vulnerable. We all …


It Outsourcing And Global Sourcing: A Comparative Approach From The Indian, U.K. And German Legal Perspectives Sep 2022

It Outsourcing And Global Sourcing: A Comparative Approach From The Indian, U.K. And German Legal Perspectives

Indian Journal of Law and Technology

Businesses today have been able to take advantage of technology in order to use models such as offshoring in order to reduce their costs without a corresponding decline in quality. However, concerns such as data confidentiality and security issues have emphasised the need for businesses to take considerable care when dealing with crossborder transactions, especially since some knowledge of the needs of different jurisdictions is necessary. This article examines the outsourcing model in the context of the information technology industry and looks at the most important clauses and legal issues in such contracts in the light of Indian, English and …


Menstrual And Fertility Tracking Apps And The Post Roe V. Wade Era, Samantha T. Campanella Aug 2022

Menstrual And Fertility Tracking Apps And The Post Roe V. Wade Era, Samantha T. Campanella

Undergraduate Student Research Internships Conference

In the first section of the paper, I will place current conversations about data privacy within the broader context of restrictions that have been placed on reproductive rights by examining historical trajectories. Emphasis will be placed on the historical trajectory of how past policies and ideologies have worked against Roe v. Wade, and how this trajectory contributes to a decrease in access to abortions. In addition, recent news stories have documented the overturning of Roe v. Wade in several jurisdictions within the United States, which confirms the criminalization of abortion. In light of this, experts have raised awareness about the …


The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes Jul 2022

The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes

Washington and Lee Law Review

Criticism of the Chinese Communist Party (CCP) runs a wide gamut. Accusations of human rights abuses, intellectual property theft, authoritarian domestic policies, disrespecting sovereign borders, and propaganda campaigns all have one common factor: the CCP’s desire to control information. Controlling information means controlling data. Lurking beneath the People’s Republic of China’s (PRC) tumultuous relationship with the rest of the world is the fight between nations to control their citizens’ data while also keeping it out of the hands of adversaries. The CCP’s Three Laws are its newest weapon in this data war.

One byproduct of the CCP’s emphasis on controlling …


Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo Jun 2022

Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo

Research Collection Yong Pung How School Of Law

In response to the COVID-19 pandemic, governments began implementing various forms of contact tracing technology. Singapore’s implementation of its contact tracing technology, TraceTogether, however, was met with significant concern by its population, with regard to privacy and data security. This concern did not fit with the general perception that Singaporeans have a high level of trust in its government. We explore this disconnect, using responses to our survey (conducted pre-COVID-19) in which we asked participants about their level of concern with the government and business collecting certain categories of personal data. The results show that respondents had less concern with …


Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa May 2022

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …


Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove Mar 2022

Breached!: Why Data Security Law Fails And How To Improve It, Woodrow Hartzog, Daniel Solove

Books

Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.

Drawing insights from many fascinating stories about data breaches, Solove and …


An Overview Of Privacy Law In 2022, Daniel J. Solove, Paul M. Schwartz Jan 2022

An Overview Of Privacy Law In 2022, Daniel J. Solove, Paul M. Schwartz

GW Law Faculty Publications & Other Works

Chapter 1 of PRIVACY LAW FUNDAMENTALS (6th edition, IAPP 2022) provides an overview of information privacy law circa 2022. The chapter summarizes the common themes in privacy laws and discusses the various types of laws (federal, constitutional, state, international). It contains a list and brief summary of the most significant U.S. federal privacy laws. The heart of the chapter is an historical timeline of major developments in the law of privacy and data security, including key cases, enactments of laws, major regulatory developments, influential publications, and other significant events. The chapter also contains a curated list of important treatises and …


Breached! Why Data Security Law Fails And How To Improve It (Chapter 1), Daniel J. Solove, Woodrow Hartzog Jan 2022

Breached! Why Data Security Law Fails And How To Improve It (Chapter 1), Daniel J. Solove, Woodrow Hartzog

GW Law Faculty Publications & Other Works

Digital connections permeate our lives—and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how difficult it is to secure our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In their book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022), Professors Daniel Solove and Woodrow Hartzog argue that the law fails because, ironically, it focuses too much on the breach itself.

Drawing insights from many fascinating stories about data breaches, Solove and …


Individuals As Gatekeepers Against Data Misuse, Ying Hu Dec 2021

Individuals As Gatekeepers Against Data Misuse, Ying Hu

Michigan Technology Law Review

This article makes a case for treating individual data subjects as gatekeepers against misuse of personal data. Imposing gatekeeper responsibility on individuals is most useful where (a) the primary wrongdoers engage in data misuse intentionally or recklessly; (b) misuse of personal data is likely to lead to serious harm; and (c) one or more individuals are able to detect and prevent data misuse at a reasonable cost.

As gatekeepers, individuals should have a legal duty to take reasonable measures to prevent data misuse where they are aware of facts indicating that the person seeking personal data from them is highly …


“Smart” Lawyering: Integrating Technology Competence Into The Legal Practice Curriculum, Dyane L. O'Leary May 2021

“Smart” Lawyering: Integrating Technology Competence Into The Legal Practice Curriculum, Dyane L. O'Leary

The University of New Hampshire Law Review

Technology has changed modern law practice. Ethics rules obligate lawyers to understand whether, when, and how to use it to deliver services. But most law schools do not incorporate the so-called “Duty of Technology Competence” into the required curriculum. Despite broad calls for legal education to make students more practice-ready, there is no clear path forward for how to weave this valuable professional skill into coursework for all students. This Article supplies one.

The legal practice course should pair technology competence with traditional legal writing and research work. Lawyers do not draft memos or perform legal research or manage caseloads …


Smart Cities And Sustainability: A New Challenge To Accountability?, Iria Giuffrida Apr 2021

Smart Cities And Sustainability: A New Challenge To Accountability?, Iria Giuffrida

William & Mary Environmental Law and Policy Review

From 1800 to today, the global population has shifted from only three percent living in an urban environment to well over fifty percent in 2020. As a result of urbanization, cities around the world struggle to manage traffic and waste, efficiently distribute utilities, and lower pollution to slow the progression of global warming. Smart city technologies have emerged as a tool to process cities’ various forms of data collected through networks of precisely placed sensors and map solutions to many of the environmental and social issues created by urbanization. For swelling metropolitan areas in the United States, China, and Europe …


Protection Of Data In Armed Conflict, Robin Geiss, Henning Lahmann Feb 2021

Protection Of Data In Armed Conflict, Robin Geiss, Henning Lahmann

International Law Studies

This article presents a novel way to conceptualize the protection of data in situations of armed conflict. Although the question of the targeting of data through adversarial military cyber operations and its implications for the qualification of such conduct under International Humanitarian Law has been on scholars’ and states’ radar for the last few years, there remain a number of misunderstandings as to how to think about the notion of “data.” Based on a number of fictional scenarios, the article clarifies the pertinent terminology and makes some expedient distinctions between various types of data. It then analyzes how existing international …


Hipaa-Phobia Hampers Efforts To Track And Contain Covid-19, Lee Hiromoto M.D., J.D. Jan 2021

Hipaa-Phobia Hampers Efforts To Track And Contain Covid-19, Lee Hiromoto M.D., J.D.

SLU Law Journal Online

The Health Insurance Portability and Accountability Act (HIPAA), enacted by the US Congress 1996, laudably protects medical privacy in healthcare settings. However, this federal law has created a culture of fear that limits current efforts to address the COVID-19 pandemic. Healthcare providers, who are covered by HIPAA, may be reluctant to disclose information about outbreak clusters for fear of violating the law. Healthcare organizations, who are also covered by the law, still rely on fax machines to avoid violating HIPAA’s data security requirements. And the scrupulous rule-following in healthcare has given independent life to a HIPAA boogeyman. Thus, officials who …


Data Security Using Armstrong Numbers, S. Belose, M. Malekar, S. Dhamal, G. Dharmawat, N.J. Kulkarni Aug 2020

Data Security Using Armstrong Numbers, S. Belose, M. Malekar, S. Dhamal, G. Dharmawat, N.J. Kulkarni

Undergraduate Academic Research Journal

In the real world, it is difficult to transmit data from one place to another with security. To ensure secured data transmission, universal technique called cryptography is used, which provides confidentiality of the transmitted data. In this paper Encryption and decryption process uses Armstrong number which is referred as a secret key. To make the Authentication between two intended users along with the security, server is used. With the help of server, both sender and receiver will get validated. Then actual data could be transmitted by any of the means.


Healthy Data Protection, Lothar Determann May 2020

Healthy Data Protection, Lothar Determann

Michigan Technology Law Review

Modern medicine is evolving at a tremendous speed. On a daily basis, we learn about new treatments, drugs, medical devices, and diagnoses. Both established technology companies and start-ups focus on health-related products and services in competition with traditional healthcare businesses. Telemedicine and electronic health records have the potential to improve the effectiveness of treatments significantly. Progress in the medical field depends above all on data, specifically health information. Physicians, researchers, and developers need health information to help patients by improving diagnoses, customizing treatments and finding new cures.

Yet law and policymakers are currently more focused on the fact that health …


Exploring Lawful Hacking As A Possible Answer To The "Going Dark" Debate, Carlos Liguori May 2020

Exploring Lawful Hacking As A Possible Answer To The "Going Dark" Debate, Carlos Liguori

Michigan Technology Law Review

The debate on government access to encrypted data, popularly known as the “going dark” debate, has intensified over the years. On the one hand, law enforcement authorities have been pushing for mandatory exceptional access mechanisms on encryption systems in order to enable criminal investigations of both data in transit and at rest. On the other hand, both technical and industry experts argue that this solution compromises the security of encrypted systems and, thus, the privacy of their users. Some claim that other means of investigation could provide the information authorities seek without weakening encryption, with lawful hacking being one of …


Protecting The States From Electoral Invasions, Drew Marvel Jan 2020

Protecting The States From Electoral Invasions, Drew Marvel

William & Mary Bill of Rights Journal

Since the 2016 U.S. presidential election, the threat of foreign interference in U.S. elections has loomed large in the minds of the American public. During the 2016 campaign season, Russian government-backed hackers infiltrated the networks and computers of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and various campaign officials, harvesting private information and installing spyware and malware for ongoing intelligence purposes. U.S. intelligence officials have indicated that, using similar tactics, the Russian hackers also targeted election systems and officials in all fifty states, successfully breaching at least two of those states’ election systems, Illinois and Florida. …


Trimming The Fat: The Gdpr As A Model For Cleaning Up Our Data Usage, Kassandra Polanco Jan 2020

Trimming The Fat: The Gdpr As A Model For Cleaning Up Our Data Usage, Kassandra Polanco

Touro Law Review

No abstract provided.


A New Frontier Facing Attorneys And Paralegals: The Promise & Challenges Of Artificial Intelligence As Applied To Law & Legal Decision-Making, Marissa Moran Jan 2020

A New Frontier Facing Attorneys And Paralegals: The Promise & Challenges Of Artificial Intelligence As Applied To Law & Legal Decision-Making, Marissa Moran

Publications and Research

Artificial Intelligence/AI invisibly navigates and informs our lives today and may also be used to determine a client’s legal fate. Through executive order, statements by a U.S. Supreme Court justice and a Congressional Commission on AI, all three branches of the United States government have addressed the use of AI to resolve societal and legal matters. Pursuant to the American Bar Association Model Rules of Professional Conduct[i] and New York Rules of Professional Conduct (NYRPC), [ii] the legal profession recognizes the need for competency in technology which requires both substantive knowledge of law and competent use of technology for …


Breaches Within Breaches: The Crossroads Of Erisa Fiduciary Responsibilities And Data Security, Gregg Moran Feb 2019

Breaches Within Breaches: The Crossroads Of Erisa Fiduciary Responsibilities And Data Security, Gregg Moran

University of Miami Law Review

Although the drafters of the Employee Retirement Income Security Act of 1974 (“ERISA”) likely could not have anticipated the data security issues of the twenty-first century, ERISA’s duty of prudence almost certainly requires employee benefit plan fiduciaries to protect sensitive participant data in at least some manner. This Article suggests the Department of Labor should issue a regulation clarifying fiduciaries’ data security obligations. Given that fiduciaries are in the best positions to recognize their plans’ individual security needs and capabilities, the regulation should not attempt to micromanage fiduciaries’ substantive data security policies; rather, it should focus on the procedures by …


A Skeptical View Of Information Fiduciaries, Lina M. Khan, David E. Pozen Jan 2019

A Skeptical View Of Information Fiduciaries, Lina M. Khan, David E. Pozen

Faculty Scholarship

The concept of "information fiduciaries" has surged to the forefront of debates on online platform regulation. Developed by Professor Jack Balkin, the concept is meant to rebalance the relationship between ordinary individuals and the digital companies that accumulate, analyze, and sell their personal data for profit. Just as the law imposes special duties of care, confidentiality, and loyalty on doctors, lawyers, and accountants vis- à -vis their patients and clients, Balkin argues, so too should it impose special duties on corporations such as Facebook, Google, and Twitter vis-à-vis their end users. Over the past several years, this argument has garnered …


A Skeptical View Of Information Fiduciaries, Lina Khan, David E. Pozen Jan 2019

A Skeptical View Of Information Fiduciaries, Lina Khan, David E. Pozen

Faculty Scholarship

The concept of “information fiduciaries” has surged to the forefront of debates on online-platform regulation. Developed by Professor Jack Balkin, the concept is meant to rebalance the relationship between ordinary individuals and the digital companies that accumulate, analyze, and sell their personal data for profit. Just as the law imposes special duties of care, confidentiality, and loyalty on doctors, lawyers, and accountants vis-à-vis their patients and clients, Balkin argues, so too should it impose special duties on corporations such as Facebook, Google, and Twitter vis-à-vis their end users. Over the past several years, this argument has garnered remarkably broad support …


Who Are The Real Cyberbullies: Hackers Or The Ftc? The Fairness Of The Ftc’S Authority In The Data Security Context, Jaclyn K. Haughom Nov 2017

Who Are The Real Cyberbullies: Hackers Or The Ftc? The Fairness Of The Ftc’S Authority In The Data Security Context, Jaclyn K. Haughom

Catholic University Law Review

As technology continues to be an integral part of daily life, there lies an ever-increasing threat of the personally identifiable information of consumers being lost, stolen, or accessed without authorization. The Federal Trade Commission (FTC) is the U.S. government’s primary consumer protection agency and the country’s lead enforcer against companies subject to data breaches. Although the FTC lacks explicit statutory authority to enforce against data breaches, the Commission has successfully relied on Section 5 of the FTC Act (FTCA) to exercise its consumer protection power in the data security context. However, as the FTC continues to take action against businesses …


Cybersecurity Stovepiping, David Thaw Jan 2017

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …


Health Information Equity, Craig Konnoth Jan 2017

Health Information Equity, Craig Konnoth

Publications

In the last few years, numerous Americans’ health information has been collected and used for follow-on, secondary research. This research studies correlations between medical conditions, genetic or behavioral profiles, and treatments, to customize medical care to specific individuals. Recent federal legislation and regulations make it easier to collect and use the data of the low-income, unwell, and elderly for this purpose. This would impose disproportionate security and autonomy burdens on these individuals. Those who are well-off and pay out of pocket could effectively exempt their data from the publicly available information pot. This presents a problem which modern research ethics …


Standing After Snowden: Lessons On Privacy Harm From National Security Surveillance Litigation, Margot E. Kaminski Jan 2017

Standing After Snowden: Lessons On Privacy Harm From National Security Surveillance Litigation, Margot E. Kaminski

Publications

Article III standing is difficult to achieve in the context of data security and data privacy claims. Injury in fact must be "concrete," "particularized," and "actual or imminent"--all characteristics that are challenging to meet with information harms. This Article suggests looking to an unusual source for clarification on privacy and standing: recent national security surveillance litigation. There we can find significant discussions of what rises to the level of Article III injury in fact. The answers may be surprising: the interception of sensitive information; the seizure of less sensitive information and housing of it in a database for analysis; and …


Disruptive Platforms, Margot Kaminski Jan 2017

Disruptive Platforms, Margot Kaminski

Publications

No abstract provided.


The Privacy Policymaking Of State Attorneys General, Danielle K. Citron Dec 2016

The Privacy Policymaking Of State Attorneys General, Danielle K. Citron

Faculty Scholarship

Accounts of privacy law have focused on legislation, federal agencies, and the self-regulation of privacy professionals. Crucial agents of regulatory change, however, have been ignored: the state attorneys general. This article is the first in-depth study of the privacy norm entrepreneurship of state attorneys general. Because so little has been written about this phenomenon, I engaged with primary sources — first interviewing state attorneys general and current and former career staff, and then examining documentary evidence received through FOIA requests submitted to AG offices around the country.

Much as Justice Louis Brandeis imagined states as laboratories of the law, offices …


A Day In Court For Data Breach Plaintiffs: Preserving Standing Based On Increased Risk Of Identity Theft After Clapper V. Amnesty International Usa, Thomas Martecchini Jun 2016

A Day In Court For Data Breach Plaintiffs: Preserving Standing Based On Increased Risk Of Identity Theft After Clapper V. Amnesty International Usa, Thomas Martecchini

Michigan Law Review

Following a data breach, consumers suffer an increased risk of identity theft because of the exposure of their personal information. Limited protection by data-breach statutes has made it difficult for consumers to seek compensation for these injuries and penalize the companies that fail to protect their information, leading consumers to bring common law claims in court. Yet courts have disagreed about whether an increased risk of identity theft qualifies as an injury-in-fact under Article III standing principles: the Seventh and Ninth Circuits have approved of increased risk standing, while the Third Circuit has rejected it. The Supreme Court has further …