UF law conference to address identity theft, data security

February 3, 2006

GAINESVILLE, Fla. — How did personally identifiable consumer information about millions of Americans become a product corporations can buy and sell? What are companies doing to prevent information about their customers from being stolen by hackers? What laws should governments pass to require businesses to protect you from identity theft?

Twenty experts from four countries — including legal scholars, researchers, technologists, journalists and consumer advocates — will grapple with these questions in a conference at the University of Florida’s Levin College of Law Feb. 3-4.

Titled “Data Devolution: Corporate Information Security, Consumers and the Future of Regulation,” the conference is “intended to provide an overview of the social problems associated with weak information security,” said UF Assistant Professor of Law Andrea Matwyshyn, the conference’s organizer.

“Despite several statutes on the federal and state level to protect certain types of personally identifiable consumer information, security breaches and the data crime economy are burgeoning,” Matwyshyn said.

Participants will also discuss the patchwork of state, federal and international laws that so far has proven unable to prevent several high-profile instances of data theft from businesses such as Bank of America and ChoicePoint.

“Current regulation allows companies to pass off externalities associated with identity theft and privacy violations to the public,” said Chris Hoofnagle, senior counsel for the Electronic Privacy Information Center and one of the speakers at the conference. “We are going to explore how users of personal information can internalize the costs associated with security breaches and privacy violations.

The conference is the first to be organized by UF’s new Center for Information Research, a joint project of the Levin College of Law, the College of Engineering and the Warrington College of Business.

“As technology advances, the way we handle data in our society is becoming increasingly important,” Matwyshyn said. “CIR gives UF an interdisciplinary nexus for research relating to information and technology policy.”

In the future, CIR will host an annual speaker series, engage in research dedicated to information policy (incorporating graduate students from across the university), and produce a wiki and Web site intended to be an interdisciplinary clearinghouse on information security and technology policy issues.

The media are invited to cover the event. For information on media access, please contact Barbara DeVoe, director of conference planning, at (352) 273-0615 or devoe@law.ufl.edu, or go to www.centerforinformationresearch.org.