National Academies Press: OpenBook
« Previous: Front Matter
Suggested Citation:"Workshop Introduction." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.
×

Workshop Introduction

The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted a Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. The meeting was held on January 12, 2016, in Washington, D.C.

The workshop featured nine speakers addressing a broad range of perspectives on data breaches: empirical, consumer, and data holders’ perspectives and legal and policy perspectives. Distinguished scholars, lawyers, consumer advocates, and industry executives contributed their varied expertise to help draw out key themes and examples and to offer their views on response mechanisms for mitigating harm when data breaches occur.

Cross-cutting themes that emerged throughout the day and were discussed in the concluding plenary session include the following: defining harm, data breach and analysis and the need for a feedback loop to learn from aftermath and remediation to help prevent future breaches, data breach remediation itself, and possible mechanisms for future change.

The meeting was open to the public. This proceedings was created from the presenters’ slides, notes, and a full transcript of the workshop. The proceedings thus serves as a public record of the workshop presentations and discussions. Individuals’ affiliations are provided for identification purposes only.

Suggested Citation:"Workshop Introduction." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.
×

OPENING REMARKS

Fred B. Schneider, Ph.D., the Samuel B. Eckert Professor of Computer Science at Cornell University and Chair of the Forum on Cyber Resilience, opened the workshop. He began with an emphasis on the word “resilience,” which was deliberately chosen to reflect the broad goals of the Forum on Cyber Resilience. In addition to typical aspects of information technology, such as security, reliability, and usability, resilience also encompasses social aspects, such as policy, regulation, and economics. By framing the workshop in this context, Schneider underscored the workshop’s broad aim to understand the wide range of potential harms from data breaches and its intention to take a holistic look at how we can build resilience in the face of increasingly large, frequent breaches.

Schneider noted that historically, data breaches have been mostly seen as a threat that leaves people open to personal identity theft; as such, remedies focus on addressing that specific risk. But data breach harms can be more nebulous, and sometimes far more dangerous, than that. He observed that recent breaches on the dating site Ashley Madison, or the U.S. government’s Office of Personnel Management, or the toy company VTech, prove that more than just financial loss is at stake: the harms from data breaches extend into the realms of personal reputations, national security, and even the safety of children.

It is clear that credit monitoring, currently the main remediation for data breaches, has become an inadequate remedy, Schneider said. The question now is, What would be appropriate? Schneider said that proper remediation cannot be determined until the wide range of possible harms, which can range from financial, to national security, to psychological, are understood. Once we identify the harms, he noted, the next step would be to incentivize data holders to anticipate, and mitigate, the risk of harm from future data breaches. He referred attendees to a short document that provided some context-setting material and discussion questions for the workshop (reproduced in the box on the following page).

Having this discussion in Washington, D.C., Schneider noted, is a useful reminder of who has the power to facilitate the types of changes workshop participants are discussing, researching, and advocating. Schneider expressed his hope that the workshop and discussions can have an impact on policy makers and power brokers beyond its participants.

Suggested Citation:"Workshop Introduction." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.
×
Suggested Citation:"Workshop Introduction." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.
×
Suggested Citation:"Workshop Introduction." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.
×
Page 1
Suggested Citation:"Workshop Introduction." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.
×
Page 2
Suggested Citation:"Workshop Introduction." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.
×
Page 3
Suggested Citation:"Workshop Introduction." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.
×
Page 4
Next: Remarks of Speakers »
Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop Get This Book
×
Buy Ebook | $14.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better protecting and helping consumers in the wake of a breach. Speakers were asked to focus on data breach aftermath and recovery and to discuss ways to remediate harms from breaches. This publication summarizes the presentations and discussions from the workshop.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!