While information security and privacy losses are now spiraling out of control, and have been demonstrably shown to threaten national sovereignty, military superiority, industrial infrastructure order, national economic competitiveness, the solvency of major businesses, faith and trust in the Internet as a platform for modern commerce, as well as political stability, the U.S. Congress has nonetheless to date refused to seriously address the root cause of these threats. The root cause is a legally reinforced incentive system that encourages, and further entrenches, top management decisions that provide inadequate resources for, and inadequate top management attention to, information security and privacy matters. This article explains why the current top management legally defined incentive systems are dysfunctional and how they should be modified so as to create considerably more socially desirable results. Employing a minimum-changes politically palatable strategy, the article discusses how a revival of the common law theories of negligence and recklessness, in both the criminal and civil areas, can be used to establish a new socially beneficial top management incentive system. A draft federal statute manifesting these recommendations is provided.
Charles Cresson Wood,
Solving the Information Security & Privacy Crisis by Expanding the Scope of Top Management Personal Liability,
Available at: http://scholarship.law.nd.edu/jleg/vol43/iss1/5