Web-based connections permeate our lives – and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how many problems there are with cybersecurity. Despite the passage of many data security laws, data breaches are increasing at a record pace. In Breached!, Daniel Solove and Woodrow Hartzog, two of the world”s leading experts on cybersecurity and privacy issues, argue that the law fails because, ironically, it focuses too much on the breach itself. Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented through inexpensive, non-cumbersome means. They also reveal why the current law is counterproductive. It pummels organizations that have suffered a breach, but doesn’t recognize other contributors to the breach. These outside actors include software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more. The laws also ignore the role that good privacy practices can play. Although humans are the weakest link for data security, the law remains oblivious to the fact that policies and technologies are often designed with a poor understanding of human behavior. Breached! corrects this course by focusing on the human side of security. This book sets out a holistic vision for data security law – one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention rather than reaction, and is designed with people in mind. The book closes with a roadmap for how we can reboot law and policy surrounding cybersecurity so that breaches become much rarer events.
