Porcedda, MG orcid.org/0000-0002-9271-3512 (2018) Patching the patchwork: appraising the EU regulatory framework on cyber security breaches. Computer Law and Security Review, 34 (5). pp. 1077-1098. ISSN 0267-3649
Abstract
Breaches of security, a.k.a. security and data breaches, are on the rise, one of the reasons being the well-known lack of incentives to secure services and their underlying technologies, such as cloud computing. In this article, I question whether the patchwork of six EU instruments addressing breaches is helping to prevent or mitigate breaches as intended. At a lower level of abstraction, the question concerns appraising the success of each instrument separately. At a higher level of abstraction, since all laws converge on the objective of network and information security – one of the three pillars of the EU cyber security policy – the question is whether the legal ‘patchwork’ is helping to ‘patch’ the underlying insecurity of network and information systems thus contributing to cyber security. To answer the research question, I look at the regulatory framework as a whole, from the perspective of network and information security and consequently I use the expression cyber security breaches. I appraise the regulatory patchwork by using the three goals of notification identified by the European Commission as a benchmark, enriched by policy documents, legal analysis, and academic literature on breaches legislation, and I elaborate my analysis by reasoning on the case of cloud computing. The analysis, which is frustrated by the lack of adequate data, shows that the regulatory framework on cyber security breaches may be failing to provide the necessary level of mutual learning on the functioning of security measures, awareness of both regulatory authorities and the public on how entities fare in protecting data (and the related network and information systems), and enforcing self-improvement of entities dealing with information and services. I conclude with some recommendations addressing the causes, rather than the symptoms, of network and information systems insecurity.
Metadata
| Item Type: | Article |
|---|---|
| Authors/Creators: | |
| Copyright, Publisher and Additional Information: | © 2018 Maria Grazia Porcedda. Published by Elsevier Ltd. This is an author produced version of a paper published in Computer Law & Security Review. Uploaded in accordance with the publisher's self-archiving policy. |
| Keywords: | Data breaches; Security breaches; Cyber security; Data protection; Network and information security; Cloud computing; Data security breaches |
| Dates: | |
| Institution: | The University of Leeds |
| Academic Units: | The University of Leeds > Faculty of Education, Social Sciences and Law (Leeds) > School of Law (Leeds) |
| Depositing User: | Symplectic Publications |
| Date Deposited: | 02 Aug 2018 12:44 |
| Last Modified: | 27 Jun 2019 00:39 |
| Status: | Published |
| Publisher: | Elsevier |
| Identification Number: | 10.1016/j.clsr.2018.04.009 |
| Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:134063 |
Download
Filename: Porcedda_cyber_security_breaches_Manuscript.pdf
Licence: CC-BY-NC-ND 4.0