March 01, 2018

Why It’s Now Time for an Internationally Harmonized Legal Regime for Information Security and Privacy

By Charles Cresson Wood, William S. Rogers Jr., and Ralph Spencer Poore

Recent events provide ample examples of the dramatic and serious damage done by failures associated with the current information security and privacy rulemaking system. Consider that the software VW developed to defeat smog emissions testing, arguably a computer crime of multinational proportions, went undetected for six years.1 On another note, a large region in the Ukraine with 230,000 affected people was plunged into an electrical blackout via a sophisticated power grid sabotage attack perpetrated by hackers, an attack that disabled not only the existing grid but also grid backup systems.2 Also consider that a nation-state (allegedly North Korea) attacked a major corporation (Sony Pictures); the attack was so devastating to information security and privacy systems that management at the victimized firm were left communicating only with traditional landline telephone systems and paper memos.3 While many other recent examples could be cited, it is clear that current information security and privacy losses are spiraling out of control, and the applicable laws and regulations and the supporting infrastructure (such as law enforcement) are collectively failing to control these mounting and often devastating losses.
