Thursday, December 13, 2007

Privacy Red Tape

One argument I often hear (and not just in the privacy context) is that regulation is just red tape - it imposes costs on businesses, it doesn't achieve it's stated goals, and we'd be better off without it. However, a new study of Chief Security Officers from the University of California-Berkeley School of Law indicates that (at least on the context of security breach notification laws), that argument is simply wrong. Among the study's other findings:

Breach notification laws have significantly contributed to heightened awareness of the importance of information security throughout all levels of a business organization and to development of a level of cooperation among different departments within an organization that resulted from the need to monitor data access for the purposes of detecting, investigating, and reporting breaches. CSOs reported that breach notification duties empowered them to implement new access controls, auditing measures, and encryption. Aside from the organization's own efforts at complying with notification laws, reports of breaches at other organizations help information officers maintain that sense of awareness.

In any case, probably not a big surprise to those of us who are already concerned about privacy, but something to keep in mind if confronted with arguments that privacy regulation won't help consumers in any case.

Via Schneier on Security.

1 comment:

Scholar said...

Hello all!

Nice to see I'm not the only one interested in this topic. I've just created a blog in which I talk about international politics. My last post is titled 'On technology, privacy, and other challenges in the XXI century'. It talks about cameras, databases, and how Governments and Corporations should manage that data. Feel free to take a look and comment or post there if you want. It doesn't have any advertising.

It's here:

See ya!