
2017 | Original Paper | Book chapter

5. Speaking Truth to/as Victims – A Jurisprudential Analysis of Data Breach Notification Laws

Author: Burkhard Schafer

Published in: The Responsibilities of Online Service Providers

Publisher: Springer International Publishing


Abstract

This paper analyses Data Breach Notification Duties from a jurisprudential perspective. DBNDs impose duties on people who are victims of a crime, duties whose violation in turn can trigger criminal sanctions. To analyze what type of duties a democratic society under the rule of law can impose on victims, we need a conceptual framework that links duties to participate in crime investigation and prosecution to specific roles a person can have in relation to a crime. Duff and Marshall have developed such a theory of the criminal law, which the paper applies to DBNLs, combining their approach with Floridi’s concept of the infosphere.


Footnotes
1
United States v. ChoicePoint, Inc., No. 1:06-CV-0198 (N.D. Ga. Feb. 15, 2006), http://www.ftc.gov/os/caselist/choicepoint/stipfinaljudgement.pdf; see also Otto et al. (2007).
 
2
Cal. Civ. Code §§ 1798.29, .82, .84.
 
3
ibid, Sec 4 1798.82 a.
 
4
So e.g. the US Health Information Technology for Economic and Clinical Health Act (HITECH Act), which in addition to information about the facts of the breach (what data, when and, if known, by whom) also mandates information about the steps individuals should take in response to the breach, the steps that are being carried out to investigate the breach, and the steps individuals may want to take to mitigate and protect against further harm.
 
5
In the US, entities that are regulated under the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability Act (HIPAA) and meet their more stringent and prescriptive regulations and guidelines are frequently exempted from DBNLs. See Stevens (2005) p. 6. Use of strong encryption can also create a safe harbour (Burdon et al. 2010a, b).
 
6
So in the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice, 70 Fed. Reg. 15,736 (Mar. 29, 2005), a data breach notification system for the financial sector.
 
7
Art. 4(3), Directive 2009/136/EC.
 
8
Commission Regulation (EU) No 611/2013 Art 2 (2).
 
9
This problem is explicitly acknowledged in the German implementation of the Directive. § 42a S. 6 BDSG ensures that the information cannot be used in criminal proceedings against the company that reported the breach. (However, German law does not recognize a fruit of the poisonous tree doctrine, so information that the prosecutors found themselves after investigating in response to the notification is probably not affected.) However, German law only awards the right against self-incrimination to natural persons, so that legal persons such as companies, the typical data controller, will not be protected by this rule.
 
10
Terrorism Act (2000) Sec 19 (b).
 
11
28 U.S.C. § 1651.
 
References
Bentham, J. (1827). Rationale of judicial evidence 1–8. New York: Rothman & Co.
Bibas, S. (2002). The right to remain silent helps only the guilty. Iowa Law Review, 88, 421–432.
Burdon, M., Low, R., & Reid, J. F. (2010a). If it’s encrypted it’s secure! The viability of US state-based encryption exemptions. In: Proceedings of the 2010 IEEE International Symposium on technology and society: Social implications of emerging technologies. IEEE. http://eprints.qut.edu.au/32781/1/c32781.pdf. Accessed May 2016.
Burdon, M., Reid, J., & Low, R. (2010b). Encryption safe harbours and data breach notification laws. Computer Law & Security Review, 26, 520–534.
Desmedt, Y., Burmester, M., & Seberry, J. (2001). Equitability in retroactive data confiscation versus proactive key escrow. In K. Kim (Ed.), Public key cryptography (pp. 277–286). Berlin: Springer.
Draper, A. (2006). Identity theft: Plugging the massive data leaks with a stricter nationwide breach-notification law. John Marshall Law Review, 40, 681–703.
Duff, A. (2001). Punishment, communication, and community. New York: Oxford University Press.
Duff, A. (2010a). A criminal law for citizens. Theoretical Criminology, 14(3), 293–309.
Duff, A. (2010b). The boundaries of the criminal law. Oxford: Oxford University Press.
Duff, A., Farmer, L., Marshall, S. E., Renzo, M., & Tadros, V. (2015). Criminalization: The political morality of the criminal law. Oxford: Oxford University Press.
Esty, D. C. (2004). Environmental protection in the information age. NYU Law Review, 79, 115–212.
Floridi, L. (1999). Information ethics: On the philosophical foundation of computer ethics. Ethics and Information Technology, 1, 33–52.
Floridi, L. (2002). On the intrinsic value of information objects and the infosphere. Ethics and Information Technology, 4, 287–304.
Floridi, L. (2005). Is semantic information meaningful data? Philosophy and Phenomenological Research, 70(2), 351–370.
Floridi, L. (Ed.). (2010). The Cambridge handbook of information and computer ethics. Cambridge: Cambridge University Press.
Floridi, L. (2015). Tolerant paternalism: Pro-ethical design as a resolution of the dilemma of toleration. Science and Engineering Ethics, 21, 1–20.
Goel, S., & Shawky, H. A. (2014). The impact of federal and state notification laws on security breach announcements. Communications of the Association for Information Systems, 34, 37–50.
Hirsch, D. D. (2013). The glass house effect: Big data, the new oil, and the power of analogy. Maine Law Review, 66, 373–396.
Kurzon, D. (1995). The right of silence: A socio-pragmatic model of interpretation. Journal of Pragmatics, 23, 55–69.
Lee, S. (2006). Breach notification laws: Notification requirements and data safeguarding now apply to everyone, including entrepreneurs. Entrepreneurial Business Law Journal, 1, 125–153.
Leonard, T. C., Thaler, R. H., & Sunstein, C. R. (2008). Nudge: Improving decisions about health, wealth, and happiness. Constitutional Political Economy, 19, 356–360.
Marshall, S. (2004). Victims of crime: Their station and its duties. Critical Review of International Social and Political Philosophy, 7, 104–117.
Marshall, S. (2015). ‘It isn’t just about you’: Victims of crime, their associated duties, and public wrongs. In A. Duff, et al. (Eds.), Criminalization: The political morality of the criminal law. Oxford: Oxford University Press.
Naess, A. (1973). The shallow and the deep, long-range ecology movement. A summary. Inquiry, 16, 95–100.
Needles, S. A. (2009). The data game: Learning to love the state-based approach to data breach notification law. North Carolina Law Review, 88, 267–310.
Nowey, T., & Federrath, H. (2007). Collection of quantitative data on security incidents. In The second international conference on availability, reliability and security (ARES) (pp. 325–334). Vienna: IEEE.
Otto, P. N., Antón, A. I., & Baumer, D. L. (2007). The ChoicePoint dilemma: How data brokers should handle the privacy of personal information. IEEE Security and Privacy, 5, 15–23.
Sasha, R., & Acquisti, A. (2009). Privacy costs and personal data protection: Economic and legal perspectives. Berkeley Technology Law Journal, 24, 1061–1101.
Schneider, J. W. (2009). Preventing data breaches: Alternative approaches to deter negligent handling of consumer data. Boston University Journal of Science & Technology Law, 15, 279–304.
Schwartz, P. M., & Janger, E. J. (2007). Notification of data security breaches. Michigan Law Review, 105, 913–984.
Segall, L. (2015, September 8). Pastor outed on Ashley Madison commits suicide. CNNMoney.
Seidmann, D. J., & Stein, A. (2000). The right to silence helps the innocent: A game-theoretic analysis of the Fifth Amendment privilege. Harvard Law Review, 114, 430–510.
Simitian, J. (2009). UCB security breach notification symposium March 6, 2009: How a bill becomes a law, really. Berkeley Technology Law Journal, 24, 1009–1018.
Skinner, T. H. (2003). California’s database breach notification security act: The first state breach notification law is not yet a suitable template for national identity theft legislation. Richmond Journal of Law & Technology, 10, 1–40.
Sunstein, C. R. (1999). Informational regulation and informational standing: Akins and beyond. University of Pennsylvania Law Review, 147, 613–675.
Towle, H. K. (2003). Identity theft: Myths, methods, and new law. Rutgers Computer & Technology Law Journal, 30, 237–326.
Winn, J. K. (2009). Are “better” security breach notification laws possible? Berkeley Technology Law Journal, 24, 1133–1165.
Wintgens, L. J. (2006). Legisprudence as a new theory of legislation. Ratio Juris, 19, 1–25.
Zander, M. (1995). You have no right to remain silent: Abolition of the privilege against self-incrimination in England. Saint Louis University Law Journal, 40, 659–676.
Metadata

Title: Speaking Truth to/as Victims – A Jurisprudential Analysis of Data Breach Notification Laws

Author: Burkhard Schafer

Copyright year: 2017

DOI: https://doi.org/10.1007/978-3-319-47852-4_5