Document Type
Article
Publication Date
2022
Status
Accepted
Abstract
This short essay discusses why data security law fails to effectively combat data breaches, which continue to increase. With a few exceptions, current laws about data security do not look too far beyond the blast radius of the most data breaches. Only so much marginal benefit can be had by increasing fines to breached entities. Instead, the law should target a broader set of risky actors, such as producers of insecure software and ad networks that facilitate the distribution of malware. Organizations that have breaches almost always could have done better, but there’s only so much marginal benefit from beating them up. Laws could focus on holding other actors more accountable, so responsibility is more aptly distributed.
GW Paper Series
2023-24
SSRN Link
https://ssrn.com/abstract=4326723
Recommended Citation
Scientific American (July 2022)