title for Data Losses note
home | about | site use | resources | publications | timeline |::| blaw

overview

networks

tapes

laptops

sale

law

prevention

responses

studies

costs














related pages icon
related
Guides:

Security &
InfoCrime

Consumers
& Trust

ID Theft,
ID Fraud

















section heading icon     studies

This page highlights some of the literature on large scale exposure of sensitive consumer information.

It covers -

Points of entry to the literature on liability and consumer responsibility are highlighted here.

     responsibilities

For Australia see in particular Margaret Jackson's Hughes on Data Protection Law in Australia (Pyrmont: LawBook 2001) and the discussion in the Australian Law Reform Commission's 2008 For Your Information: Australian Privacy Law & Practice report.

US and Canadian items include -

  • 'Negligence Liability for Breaches of Data Security' by Jennifer Chandler in 23 Banking & Finance Law Review (2008), 223-247
  • 'Identity Theft: The US Legal Environment and Organisations' Related Responsibilities' by Gregory Gerard, William Hillison & Carl Pacini in 12(1) Journal of Financial Crime (2004), 33-43
  • 'Financial Institutions' Duty of Confidentiality to Keep Customer's Personal information Secure from the Threat of Identity Theft' by Brandon McKelvey in 34 UC Davis Law Review (2001), 1077-1128
  • 'Identity Theft: Making the Known Unknowns Known' by Chris Hoofnagle in 21 Harvard Journal of Law and Technology (2007)
  • 'The Jewel Of Their Souls: Preventing Identity Theft Through Loss Allocation Rules' by Jeff Sovern in 64 University of Pittsburgh Law Review (2003), 343-406
  • 'Reservoirs Of Danger: The Evolution Of Public And Private Law At The Dawn Of The Information Age' by Danielle Citron in 80 Southern California Law Review (2007), 241-96
  • 'Identity Theft And Consumer Protection: Finding Sensible Approaches To Safeguard Personal Data In The United States And Canada' by Kamaal Zaidi in 19(2) Loyola Consumer Law Review (2007), 99-150
  • 'The Recognition Of A Negligence Cause Of Action For Victims Of Identity Theft: Someone Stole My Identity, Now Who Is Going To Pay For It?' by Anthony White in 88(4) Marquette Law Review (2005), 847-866
  • 'After Billions Spent To Comply With HIPAA And GLBA Privacy Provisions, Why Is Identity Theft The Most Prevalent Crime In America?' by R. Bradley McMahon in 49(3) Villanova Law Review (2004), 625-660
  • 'Identity Theft: Myths, Methods, And New Law' by Holly Towle in 30(2) Rutgers Computer & Technology Law Journal (2004), 237-326
  • 'Data Rape: Assault By An Unknown Predator - The Supreme Court Went Wrong In TRW, Inc. V. Andrews' by Latasha McDade in 45 South Texas Law Review (2004), 395-417
  • 'Cybersecurity, Identity Theft, And The Limits Of Tort Liability' by Vincent Johnson in 57 South Carolina Law Review (2005)
  • 'Invasion of the Information Snatchers: Creating Liability for Corporations with Vulnerable Computer Networks' by Sarah Faulkner in 18 John Marshall Journal of Computer & Information Law (2000), 1019
  • 'Protecting The Most Valuable Corporate Asset: Electronic Data, Identity Theft, Personal Information, And The Role Of Data Security In The Information Age' by Kenneth Siegel in 111 Penn State Law Review (2007)
  • 'Negligent Entrustment Liability for Outsourced Data' by Michael Rustad & Thomas Koenig in 10 Journal of Internet Law (2007), 10
  • 'The Tort of Negligent Enablement of Cybercrime' by Rustad & Koenig in 20 Berkeley Technology Law Journal (2005), 1553

     reporting

Works on mandatory reporting in the US include -

  • 'Identity Theft: Plugging The Massive Data Leaks With A Stricter Nationwide Breach-Notification Law' by Amanda Draper in 40 John Marshall Law Review (2007)
  • 'Identity Theft, Privacy, And The Architecture Of Vulnerability' by Daniel Solove in 54 Hastings Law Journal (2003)
  • 'Gauging The Effectiveness Of Us Identity Theft Legislation' by Robert Holtfreter & Kristy Holtfreter in 13(1) Journal of Financial Crime (2006), 56-64
  • 'Database Security Breach Notification Statutes: Does Placing The Responsibility On The True Victim Increase Data Security?' by Lilia Rode in 43 Houston Law Review (2007)
  • 'California's Database Breach Notification Security Act: The First State Breach Notification Law Is Not Yet A Suitable Template For National Identity Theft Legislation' by Timothy Skinner in 10 Richmond Journal of Law and Technology (2003)
  • 'The Misplaced Role Of Identity Theft In Triggering Public Notice Of Database Breaches' by Brendan St. Amant in 44 Harvard Journal on Legislation (2007)
  • 'A Case of Mistaken Identity? News Accounts of Hacker, Consumer, and Organizational Responsibility for Compromised Digital Records' by Kris Erickson & Philip Howard in 12(4) Journal of Computer-Mediated Communication (2007) | here

     offshoring

Data loss in relation to offshoring remains a monster under the bed, polemicised in literature by politicians and labour activists but as yet without extensive coverage in law journals. US items include -

  • '"I Just Bought A Flat Screen T.V. In Kolkata?" Application of Laws for International Outsourcing Related Identity Theft' by Samantha Grant in 11 University of Pittsburgh Journal of Technology Law & Policy (2006)

     economics

Salient items regarding IT security economics are -

  • Ross Anderson's 2001 Why Information Security is Hard: An Economic Perspective (PDF)
  • Lawrence Gordon & Martin Loeb's 'The Economics of Information Security Investment' in Economics of Information Security (Dordrecht: Kluwer Academic 2004) edited by L Jean Camp & Stephen Lewis
  • Robert Hahn & Anne Layne-Farrar's 2006 The Law and Economics of Software Security (PDF)

Other works are highlighted here.










icon for link to next page   next page (costs)

 


this site
the web

Google

version of August 2008
© Bruce Arnold
caslon.com.au | caslon analytics