3/19: A Case of Misplaced Blame? News Accounts of Hacker, Consumer, and Organizational Responsibility for Compromised Records

March 19, 2007
12:30 pm to 1:30 pm

Philip N. Howard is an assistant professor in the Communication Department at the University of Washington. His book New Media Campaigns and the Managed Citizen (New York: Cambridge University Press, 2006) is about the role of information technology in campaign strategy and political culture. He has published a co-edited collection entitled Society Online: The Internet In Context (Thousand Oaks, CA: Sage, 2003) as well as articles in New Media & Society, the American Behavioral Scientist, and the Annals of the American Academy of Political and Social Science. Howard has been a Fellow at the Pew Internet & American Life Project in Washington, D.C., and the Stanhope Centre for Communications Policy Research in London. He served on the advisory board of the Survey2000 and Survey2001 Projects, and as co-PI on the large project called Information and Communication Technologies in Central Asia. His research has been funded by the National Science Foundation, Rockefeller Foundation and Pew Charitable Trusts. His current research and teaching interests include political communication and the role of new media in social movements and deliberative democracy, work in new economy and e-commerce firms, and the application of new media technologies in addressing social inequalities in the developing world. The computer hacker is one of the most vilified figures in the digital era, but to what degree are organizations actually responsible for compromised personal records? Although computer hacking has been widely reframed as a criminal activity and has received increasingly harsh punishments, the legal response has potentially obfuscated the responsibility of corporations and other institutional actors for data security. To examine the role of organizational behavior in privacy violations, I analyze over 215 incidents of compromised data between 1980 and 2006. All in all, some 1.76 billion records have been exposed, either through hacker intrusions or poor management. In the context of the United States, there have been 8 records compromised for every adult. Between 1980 and 2006, businesses were the primary sources of these incidents, but I find that the recent legislation in California to require notification of privacy violations has exposed educational institutions as among the least well equipped to protect the privacy of their students, staff, and faculty.

Add new comment