The chapter tells the story of the Target breach and the lessons that can be learned from it about the shortcomings of data security law.
Drawing insights from many fascinating stories about data breaches, professors Daniel Solove and Woodrow Hartzog show how major breaches could have been prevented or mitigated through better rules and often inexpensive, non-cumbersome means. They also reveal why the current law is counterproductive. It pummels organizations that have suffered a breach but doesn’t recognize how others contribute to the breach. These outside actors include software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more.