This book chapter was originally written for a conference on privacy and security at Stanford Law School held in March 2004. The chapter argues that abuses of personal information are caused by the failure to regulate the way companies manage personal information. Despite taking elaborate technological measures to protect their data systems, companies readily disseminate the personal information they have collected to a host of other entities and sometimes even to anyone willing to pay a small fee. Companies provide access to their record systems over the phone to anybody in possession of a few easy-to-find pieces of personal information such as Social Security numbers, birth dates, and mothers' maiden names. Reforming this problematic state of affairs requires a rethinking of the way the law comprehends the abuse of personal information. The law fails to focus on the causes of information abuses; instead, it becomes involved when information misuses such as identity theft actually occur, not earlier on in the process. If the law addressed information leaks and insecurity, it would more effectively curtail abuses.
GW Paper Series
GWU Law School Public Law Research Paper No. 102
Daniel J. Solove, The New Vulnerability: Data Security and Personal Information in SECURING PRIVACY IN THE INTERNET AGE (Radin & Chander, eds., Stanford University Press, 2008).