Deirdre Mulligan came to South Hall and spoke to the UC Berkeley School of Information on February 13, 2008. The audio for her talk is available here:

Bio
Deirdre K. Mulligan is the director of the Samuelson Law, Technology &
Public Policy Clinic and a clinical professor of law at the UC
Berkeley School of Law (Boalt Hall). Before coming to Boalt, she was
staff counsel at the Center for Democracy & Technology in Washington.
Through the clinic, Mulligan and her students foster the public’s
interest in new computer and communication technology by engaging in
client advocacy and interdisciplinary research, and by participating
in developing technical standards and protocols. The clinic’s work has
advanced and protected the public’s interest in free expression,
individual privacy, balanced intellectual property rules, and secure,
reliable, open communication networks.
Mulligan writes about the risks and opportunities technology presents
to privacy, free expression, and access and use of information goods.
Recent publications about privacy include: “Storing Our Lives Online:
Expanded Email Storage Raises Complex Policy Issues,” with Ari
Schwartz and Indrani Mondal, forthcoming 2005, I/S: A Journal of Law
and Policy for the Information Society; and, “Reasonable Expectations
in Electronic Communications: A Critical Perspective on the Electronic
Communications Privacy Act,” 72 Geo. Wash. L. Rev. 1557 (2004).
Mulligan was a member of the National Academy of Sciences Committee on
Authentication Technology and Its Privacy Implications; the Federal
Trade Commission’s Federal Advisory Committee on Online Access and
Security; and the National Task Force on Privacy, Technology, and
Criminal Justice Information. She was a vice-chair of the California
Bipartisan Commission on Internet Political Practices and chaired the
Computers, Freedom, and Privacy (CFP) Conference in 2004. She is
currently a member of the California Office of Privacy Protection’s
Advisory Council and a co-chair of Microsoft’s Trustworthy Computing
Academic Advisory Board. She serves on the board of the California
Voter Foundation and on the advisory board of the Electronic Frontier
Foundation.
Abstract
The California Security Breach Information Act (AB 700/SB 1386) has
been adopted, with modest modifications, by 39 additional states and
the District of Columbia. This law encourages firms to adopt sounder
security investments by requiring them to notify individuals of
security breaches of their personal information.
The use of compulsory information disclosures as a regulatory tool is
an important, modern development in American law. The Toxics Release
Inventory (TRI), a publicly available EPA database that contains
information on toxic chemical releases and other waste management
activities, established under the Emergency Planning and Community
Right-to-Know Act of 1986 (EPCRA), is credited with providing
incentives for reductions and better management of toxic chemicals by
firms eager to avoid reporting releases and with providing information
essential to citizen and government oversight, engagement and action.
The California Security Breach Information Act was modeled on the TRI.
Based on research documenting how the specific aspects of the
EPCRA—including standardized, centralized and electronic reporting and
public accessibility of data—the reported incidents, and the
non-profit community contributed to its successes, as well as
qualitative interviews of security and privacy professionals within
firms about security investments and the effects of security breach
notification laws in particular, this paper considers the extent to
which the current structure of security breach notification laws is
producing a “race-to-the-top” with respect to information security and
makes recommendations for statutory reforms aimed at facilitating such
a race by enabling greater public oversight, cross-firm learning,
market activity, and targeted regulatory intervention.