What do you think?
Rate this book
Breached!: Why Data Security Law Fails and How to Improve it
A novel account of how the law contributes to the insecurity of our data and a bold way to rethink it.
Digital connections permeate our lives-and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is alarming how difficult it is to create rules for securing our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In Breached! , Daniel Solove and Woodrow Hartzog, two of the world's leading experts on privacy and data security, argue that the law fails because, ironically, it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented or mitigated through a different approach to data security rules. Current law is counterproductive. It pummels organizations that have suffered a breach but doesn't address the many other actors that contribute to the software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more.
Although humans are the weakest link for data security, policies and technologies are often designed with a poor understanding of human behavior. Breached! corrects this course by focusing on the human side of security. Drawing from public health theory and a nuanced understanding of risk, Solove and Hartzog set out a holistic vision for data security law-one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention and mitigation rather than reaction, and works by accepting human limitations rather than being in denial of them. The book closes with a roadmap for how we can reboot law and policy surrounding data security.
Digital connections permeate our lives-and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is alarming how difficult it is to create rules for securing our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In Breached! , Daniel Solove and Woodrow Hartzog, two of the world's leading experts on privacy and data security, argue that the law fails because, ironically, it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented or mitigated through a different approach to data security rules. Current law is counterproductive. It pummels organizations that have suffered a breach but doesn't address the many other actors that contribute to the software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more.
Although humans are the weakest link for data security, policies and technologies are often designed with a poor understanding of human behavior. Breached! corrects this course by focusing on the human side of security. Drawing from public health theory and a nuanced understanding of risk, Solove and Hartzog set out a holistic vision for data security law-one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention and mitigation rather than reaction, and works by accepting human limitations rather than being in denial of them. The book closes with a roadmap for how we can reboot law and policy surrounding data security.
256 pages, Hardcover
Published March 1, 2022
10 people are currently reading
1077 people want to read
About the author
Daniel J. Solove
33 books37 followersDaniel J. Solove is the Eugene L. and Barbara A. Bernard Professor of Intellectual Property and Technology Law at the George Washington University Law School. He is also the founder of TeachPrivacy, a company that provides privacy and data security training programs to businesses, law firms, healthcare institutions, schools, and other organizations. One of the world’s leading experts in privacy law, Solove is the author of 10+ books and textbooks and 100+ articles. His articles have appeared in the Harvard Law Review, Yale Law Journal, Stanford Law Review, and Columbia Law Review, among others. Professor Solove writes at LinkedIn as of its “thought leaders,” and he has more than 1 million followers. He more routinely blogs at Privacy+Security Blog, https://www.teachprivacy.com/privacy-...
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 5 of 5 reviews
July 7, 2022
Thanks to Oxford University Press for my ARC of “Breached! Why Data Security Law Fails and How to Improve It” by Daniel Solove and Woodrow Hartzog for an honest review.
This is simply a well-written, highly intelligent, extremely well-researched, and fascinating thought-out and thought-provoking book on exactly what it says it is: the current legal failure of data security and how to start fixing these massive issues that affect every single one of us. This book starts with the 2013 Target breach we all remember with horror and points out that the true “actors” (criminals) who created this breach (and most other breaches) often walk away scott free while anger is focused on the company left holding the bag. (Target lost nearly $300 million from that single breach, despite having top-notch security and 24/7 monitoring across the globe. Read the book to find out how humans undermined Target’s security—it’s fascinating.).
“As more devices, appliances, and vehicles are hooked up to the Internet, physical safety is at grave risk. Hackers can break into our home devices. They can peer at our children through our baby cameras. They can snoop around through our home security cameras. They can listen in on us through our home assistant devices. They can gain control of our cars. They can also hack into implantable devices in our bodies, such as pacemakers or insulin pumps.” So why are these criminals getting away with it?!! And how can this be better prevented? Why have laws since the 1970s not done much in the last 50 years?
“The most important thing people can do to protect themselves is to get angry at their lawmakers for not passing the adequate laws. Without legal change, data security isn’t likely to improve.”
We’re all responsible for getting data security laws changed by understanding what the threat is and what we can do., and this amazing book lays it all out in excellent layman’s terms with an abundance of cases. The “Holistic Approach” suggested takes the focus away from focusing on data breaches themselves to instead focusing on the data ecosystem. Would have loved to take this class in university!!! This would be a great textbook for that class. Sign me up!!
This is simply a well-written, highly intelligent, extremely well-researched, and fascinating thought-out and thought-provoking book on exactly what it says it is: the current legal failure of data security and how to start fixing these massive issues that affect every single one of us. This book starts with the 2013 Target breach we all remember with horror and points out that the true “actors” (criminals) who created this breach (and most other breaches) often walk away scott free while anger is focused on the company left holding the bag. (Target lost nearly $300 million from that single breach, despite having top-notch security and 24/7 monitoring across the globe. Read the book to find out how humans undermined Target’s security—it’s fascinating.).
“As more devices, appliances, and vehicles are hooked up to the Internet, physical safety is at grave risk. Hackers can break into our home devices. They can peer at our children through our baby cameras. They can snoop around through our home security cameras. They can listen in on us through our home assistant devices. They can gain control of our cars. They can also hack into implantable devices in our bodies, such as pacemakers or insulin pumps.” So why are these criminals getting away with it?!! And how can this be better prevented? Why have laws since the 1970s not done much in the last 50 years?
“The most important thing people can do to protect themselves is to get angry at their lawmakers for not passing the adequate laws. Without legal change, data security isn’t likely to improve.”
We’re all responsible for getting data security laws changed by understanding what the threat is and what we can do., and this amazing book lays it all out in excellent layman’s terms with an abundance of cases. The “Holistic Approach” suggested takes the focus away from focusing on data breaches themselves to instead focusing on the data ecosystem. Would have loved to take this class in university!!! This would be a great textbook for that class. Sign me up!!
May 8, 2024
Amazing story telling skill! The book effectively explains legal issues and theoretical shortcomings to wide range of audiences. I felt how sincerely the authors wanted people to know about what’s happening to their privacy.
July 2, 2022
I read this for work, so it was never going to be a thrilling page-turner. However, it informed the way I am thinking about privacy and security issues and I think it will influence some of my current projects. Actually, it already has influenced some of the things I am working on. Worth the read to use it as a citation. And for that - I'm thrilled.
March 24, 2024
First heard of this book after volunteering at Solove’s conference. Solove and Hartzog provide an easily readable, comprehensive anatomy of the data breach, from both micro and macro levels. Great for both industry insiders and outsiders alike, the pair propose a legal paradigm shift for addressing breaches while also proposing tips for individuals hoping to avoid becoming the weak link in a system and entry point for malfeasants. As a privacy wonk, the connections made between breaches and privacy harms were most memorable. Their prescription for perspective change is accurate — but also doesn’t stray far enough from being simply a nebulous suggestion for my taste. Nonetheless, a worthy contribution to the privacy and security discourse.
September 9, 2022
Thank you #goodreadsgiveaway for allowing me to review. Dense reading but informative. Important reading for anyone interested in privacy and security.
Displaying 1 - 5 of 5 reviews