Professor Woodrow Hartzog and I have posted on SSRN another free chapter from our recent book. The chapter is entitled Unifying Privacy and Data Security.
The chapter is about the relationship between privacy and data security, and it can be read as a stand-alone essay. With our publisher’s gracious permission, we’re making this chapter available to download for free. Here’s the abstract:
Unifying Privacy and Data Security
This book chapter discusses the relationship between privacy and data security. Privacy is a key and underappreciated aspect of data security. Right now, there is a schism between privacy and security in companies. Privacy functions are commonly addressed by the compliance and legal departments, while security is handled by the information technology department. The two areas are commonly split apart and rarely speak to each other.
The chapter argues that we should bridge data security and privacy and make them go hand-in-hand in both law and policy. Strong privacy rules help create accountability for the collection, use, and dissemination of personal information and can reduce vulnerabilities and risk by minimizing the use and retention of personal information. Good privacy strengthens security. The chapter specifically focuses on the importance of data minimization and data mapping as privacy practices that have tremendous benefits for data security.
This piece is Chapter 7 of my book with Woodrow Hartzog, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022). In the book, we explore the shortcomings of data security law. We argue that the law fails because, ironically, it focuses too much on the breach itself.
Daniel J. Solove is John Marshall Harlan Research Professor of Law at George Washington University Law School. He is the founder of TeachPrivacy, a company that provides computer-based privacy and data security training.
NEWSLETTER: Subscribe to Professor Solove’s free newsletter
TWITTER: Follow Professor Solove on Twitter.