Calif. (KCBS) -- A
prominent Northern California legal expert is calling for major reforms to
cyber security, saying that companies and agencies holding consumers'
personal information are not doing enough to protect it.
UC Davis Law
Professor Edward Imwinklereid has seen a lot of suits over the years
involving cyber security breaches. They usually involve plaintiffs arguing
"But for [their] negligence, those third parties overseas or somewhere in
the United States would never have obtained that sensitive information,"
Jeff Bell Reports
In response, the accused companies or agencies often argue that they did
all they could by employing external add-ons to safeguard information such
as malware detectors and virus scanners.
But, says Imwinkereid, what companies really need are updated computer
systems that embed automatic alerts and other built-in protections. He
offers up the example of an employee who is taking home thousands of files
every weekend, a breach that a proper security system would be able to
address in two key ways.
"Number one, you get an automatic alert when this clown tries to take
home 2,000 files on a weekend, and number two, you get an automatic shutdown
as soon as something like that happens," says Imwinkelreid.
Security experts say such a system is totally feasible.
"You can certainly set up rules and tests to know if information that
shouldn't be going out is going out in large quantities," said Michael
Cherry, president of Cherry Biometrics.
Cherry and Imwinkelried have teamed up to address this concept in the
current issue of the journal "Judicature," arguing that the courts can play
a leading role in this reform by expanding the scope of causation arguments
in cases involving computer security breaches.