NORTHWESTERN UNIVERSITY SCHOOL OF LAW — Digital connections permeate our lives — and so do data breaches. Given that we must be online for basic communication, finance, healthcare and more, it is alarming how difficult it is to create rules for securing our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In Breached! Why Data Security Law Fails and How to Improve It, Professor Woodrow Hartzog and co-author Professor Daniel Solove of GW Law, two of the world’s leading experts on privacy and data security, argue that the law fails because, ironically, it focuses too much on the breach itself. “Although humans are the weakest link for data security, policies and technologies are often designed with a poor understanding of human behavior,” explained Hartzog. Breached! corrects this course by focusing on the human side of security. Drawing from public health theory and a nuanced understanding of risk, Solove and Hartzog set out a holistic vision for data security law — one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention and mitigation rather than reaction, and works by accepting human limitations rather than being in denial of them. The book closes with a roadmap for how we can reboot law and policy surrounding data security.