Governments are having to catch-up with the digital revolution to satisfy their role in providing protection for the common defense. The world is changing. Longstanding definitions of responsibilities, rules, and jurisdictions have not kept up with implementation of technology. One of the traditional roles of government is to provide defense of its citizens and their property. Constitutions, laws, and courts define these roles and place boundaries limiting them. With the rapid onset of digital technology, people are communicating more and in new ways, creating massive amounts of information which is being collected and aggregated. Digital assets and data is itself becoming valuable. Traditional policies and controls are not suited or sufficient to protect citizen’s information. Governments are reacting to address the gaps. This adaptation is pushing the boundaries of scope and in some cases redefining the limitations and precedents derived from an analog era of time. Flexing to encompass the digital domain within the scope of protection, is necessary to align with expectations of the people.
Such change however, is slow. One of the loudest criticisms is the speed in which governments can adapt to sufficiently protect its citizens. Realistically, it must be as boundaries are tested and redrawn. In representative rule, there exists a balance between the rights of the citizen and the powers of the government. Moving too quickly can violate this balance to the detriment of liberty and result in unpleasant outcomes. Move too slow and masses become victimized, building outcry and dissatisfaction in the state of security. Bureaucracy is the gatekeeper to keep the pendulum from swinging too fast.
The only thing that saves us from the bureaucracy is its inefficiency – Eugene McCarthy
The writing is on the wall. Citizens expect government to play a more active role in protecting their digital assets and privacy. Governments are responding. Change is coming across the industry and it will be fueled by litigation and eventually regulatory penalties. Every company, regardless of type, will need to pay much more focus to their cybersecurity.
There are regulatory standards and oversight roles which are being defined as part of the legal structure. Government agencies are claiming and asserting more powers to establish and enforce cybersecurity standards. Recently, the U.S Court of Appeals for the Third Circuit upheld the U.S. Federal Trade Commission’s action against companies who had data breaches and reaffirmed the FTC’s authority to hold companies accountable for failing to safeguard consumer data. The judicial branch interpreted the law in a way which supports the FTC assertion of their role in the digital age.
Litigation precedents, which act as guiding frameworks, are also being challenged and adapted to influence the responsibility and accountability of customer data. The long term ramifications of potential misuse of digital assets and personal data are being considered and weighed toward the benefit of consumers. In a recent case, defendants argued to dismiss a class action but were unsuccessful as the court cited a failure in the “duty to maintain adequate security” which justified the action to continue. The defendant argued that the plaintiffs suffered no actual injury, but the court rejected those arguments, stating the loss of sensitive personal data was “…sufficient to establish a credible threat of real and immediate harm, or certainly impending injury.”.
In a separate case, the Seventh Circuit and the Ninth Circuit concluded that victims have a legal right to file a lawsuit over the long-term consequences of a data breach. In addition to reimbursement for fraudulent charges, the court said even those in the class-action lawsuit who did not experience near-term damages have a likelihood of fraud in the future. The court stated “customers should not have to wait until hackers commit identity theft or credit-card fraud in order to give the class standing." Experts believe this shift in litigation precedent is likely to lead to an increase in data breach class actions in cases involving hacking.
This is the macro trend I see. Governments are stepping up to fill the void where protective oversight does not exist or citizens are not empowered to hold accountable those who have been negligent in protecting their data. The digital realm has grown so rapidly and encompasses citizens’ lives so deeply, governments are accepting they need to adapt legal structures to protect their populace, but struggling in how to make it a reality. We will see more of this re-definition across governmental structures worldwide over the next several years as a legal path is forged and tempered.
Intel Network: My Previous Posts