Monday, December 10, 2007

CSO Perspective on Security Breach Notification Laws

The Samuelson Law, Technology & Public Policy Clinic at UC Berkeley released a study on the effects of security breach notification laws in the United States. The study, co-funded by TRUST, is based on a thorough literature review as well as in-depth interviews with several Chief Information Security Officers (or their equivalents) from various industries. The CISO interviews provide insight into internal organizational structure around security investment decisions, regulatory and market factors that affect investment decisions, organizational responses to the enactment of security breach notification laws, market effects of security breaches, and industry best practices. This study is part of an ongoing effort to inform public policy with research into how businesses are affected by privacy law.