Unifying Privacy and Data Security
Chapter 7 of BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022)
Boston Univ. School of Law Research Paper No. 4173764
36 Pages. Posted: 3 Aug 2022. Last revised: 22 Sep 2022.
Date Written: July 27, 2022
Abstract
This book chapter discusses the relationship between privacy and data security. Privacy is a key and underappreciated aspect of data security. Right now, there is a schism between privacy and security in companies. Privacy functions are commonly addressed by the compliance and legal departments, while security is handled by the information technology department. The two areas are commonly split apart and rarely speak to each other.
The chapter argues that we should bridge data security and privacy and make them go hand-in-hand in both law and policy. Strong privacy rules help create accountability for the collection, use, and dissemination of personal information and can reduce vulnerabilities and risk by minimizing the use and retention of personal information. Good privacy strengthens security. The chapter specifically focuses on the importance of data minimization and data mapping as privacy practices that have tremendous benefits for data security.
This piece is Chapter 7 of Daniel J. Solove and Woodrow Hartzog's book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022). In the book, Professors Solove and Hartzog explore the shortcomings of data security law. They argue that the law fails because, ironically, it focuses too much on the breach itself.
Keywords: data security, cybersecurity, data breach, privacy, relationship between privacy and security, data minimization, data mapping