Harboring Data: Information Security, Law, and the Corporation

Synopsis

As identity theft and corporate data vulnerability continue to escalate, corporations must protect both the valuable consumer data they collect and their own intangible assets. Both Congress and the states have passed laws to improve practices, but the rate of data loss persists unabated and companies remain slow to invest in information security. Engaged in a bottom-up investigation, Harboring Data reveals the emergent nature of data leakage and vulnerability, as well as some of the areas where our current regulatory frameworks fall short.

With insights from leading academics, information security professionals, and other area experts, this original work explores the business, legal, and social dynamics behind corporate information leakage and data breaches. The authors reveal common mistakes companies make, which breaches go unreported despite notification statutes, and surprising weaknesses in the federal laws that regulate financial data privacy, children's data collection, and health data privacy. This forward-looking book will be vital to meeting the increasing information security concerns that new data-intensive business models will have.

Excerpt

Andrea M. Matwyshyn

IN JULY 2005, a hacker sitting in the parking lot of a Marshalls store in Minnesota used a laptop and a telescope-shaped antenna to steal at least 45.7 million credit and debit card numbers from a TJX Companies Inc. database. When the breach came to light in 2007, TJX Companies estimated that it would cost more than $150 million to correct its security problems and settle with consumers affected by the breach. In addition to TJX's direct losses from this incident, which are estimated to be between $1.35 billion and $4.5 billion, the company also faces losses from settlement payouts and, potentially, court-awarded damages.

Perhaps the most troubling part of this information crime was its avoidability: TJX, a retailer worth approximately $17.4 billion, had simply neglected its information security and was using a form of encryption on its wireless network that was widely known for years to be obsolete. The network through which the hacker accessed the database had less security on it than many people have on their home wireless networks. In other words, TJX made itself an easy mark for hackers.

TJX is not alone in its information security mistakes. Reviewing newspaper headlines on any given day is likely to yield an article about a corporate data breach. Otherwise sophisticated business entities are regularly failing to secure key information assets. Although the details of particular incidents and the reasons behind them vary, a common theme emerges: corporations are struggling with incorporating information security practices into their operations.
