August 2023

Daniel J Solove is Professor of Law at the George Washington University Law School and Woodrow Hartzog is Professor of Law and Computer Science at Northeastern University School of Law and the Khoury College of Computer Science.

The premise of the book (as the title says!) is that, rather than reducing risk and minimising harms, our current approach to data breaches, at best, doesn’t help and, at worst, is actually causing the problems. That is a pretty shocking assertion. Think about how much time, money and effort is put into data security.

How often do we stop to take a breath and to consider how effectively those resources are being expended and whether there are alternative, better, more impactive ways to deal with the problem.

In the book, Solove and Hartzog call for us to rethink the foundations of our current approach and focus more on the role we as humans play in data security.

They argue that only by having a more holistic vision of data security, designed with people at the heart, can we hope to get ourselves out of this endless loop of every year being “the year of the data breach”; a problem they describe as “spiralling out of control”.

With such high quality authors, this was always going to be a rich and rewarding read and it doesn’t disappoint. It concludes by giving the reader a summary of the blueprint of their vision.

This is very much aimed at law-makers, talking of what the laws in this area need to be doing. So this book is an essential read for anyone with responsibility for creating, implementing or overseeing laws and regulations.

But there is also much in the book that will help anyone with even a passing interest in the epidemic of data mismanagement and the real-world impacts that has (aka all of us!) to look at the issue from a different perspective.