Roosevelt House is pleased to present a discussion—on Zoom only—of the new book Breached!: Why Data Security Law Fails and How to Improve it by Daniel J. Solove and Woodrow Hartzog. In this important new analysis, authors Solove and Hartzog explore how the laws intended to protect our data may actually contribute to its insecurity—and offer a bold way of rethinking them. The authors will be in conversation with security technologist Bruce Schneier.

From basic communication to finance to healthcare, some of the most important and sensitive aspects of our lives are conducted online; and despite the many data security laws and policies intended to secure our personal information, data breaches continue to rise at a record pace.

Drawing insight from a range of fascinating stories about data breaches, Breached! delves into how major breaches could have been prevented or mitigated through a different approach to data security. Current law, the authors argue, is counterproductive: it punishes organizations that have suffered a breach without addressing other actors that contribute to the problem—including software companies, device manufacturers, and policymakers who write regulations that increase security risks.

In Breached!, Daniel Solove and Woodrow Hartzog, two of the world’s leading experts on privacy and data security, argue that the law fails because, ironically, it focuses too much on the breach itself—and not enough on the vulnerabilities on the human side of security. Drawing from public health theory and a nuanced understanding of risk, Solove and Hartzog set out a bold and holistic new vision for data security law.

Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also the founder of TeachPrivacy, a company that provides privacy and data security training programs to businesses, law firms, healthcare institutions, schools, and other organizations. He is the author of textbooks and books including Understanding Privacy; The Digital Person: Technology and Privacy in the Information Age; and Nothing to Hide: The False Tradeoff between Privacy and Security. Solove blogs at Privacy+Security Blog and as a LinkedIn “thought leader.”

Woodrow Hartzog is a Professor of Law and Computer Science at Northeastern University School of Law and the Khoury College of Computer Sciences. His research on privacy, media, and robotics has been published in the Yale Law Journal, Columbia Law Review, California Law Review, and popular publications including The Guardian, Wired, Bloomberg, New Scientist, Slate, The Atlantic and The Nation.  He is the author of Privacy’s Blueprint: The Battle to Control the Design of New Technologies.

Bruce Schneier (HCHS ’81) is a security technologist—referred to by The Economist as a “security guru”—and the author of Click Here to Kill Everybody: Security and Survival in a Hyper-connected World; Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World; and Beyond Fear: Thinking Sensibly About Security in an Uncertain World. A fellow at the Berkman-Klein Center for Internet and Society at Harvard University and Lecturer in Public Policy at the Harvard Kennedy School, he publishes the newsletter Crypto-Gram and blog Schneier on Security.

Breached!: Why Data Security Law Fails and How to Improve it | Posted on May 31st, 2022 | Book Discussions, Public Programs