Skip to content

legal landscape of information security


Some lawyers thrive on change and evolution, according to new Northeastern University School of Law professor Andrea Matwyshyn.

She is a prime example, devoting her legal career to what she describes as one of the most fluid fields of the past 15 years: information security.


School of Law professor Andrea Matwyshyn Courtesy photo

“Information technology innovation and security are clearly the most pressing issues of our time with regard to markets and national security,” says Matwyshyn, who joined the law school’s faculty this summer.

This fall she is teaching a course dedicated to the evolution of Internet law, with a particular focus on intellectual property, contracts, privacy, and security. She’s also teaching a seminar on information security, which spotlights the emerging debate in Washington between security research and policy.

Information security, as Matwyshyn puts it, “is a course that significantly evolves each year.”

“Certainly,” she adds, “the reality of technology development and innovative new business models, as well as the evolution of more successful cyberattacks on networks, are influences on the seminar’s content.”

Matwyshyn’s research, meanwhile, focuses on the legal implications of innovation and how the changing dynamics of information security and consumer privacy impact innovation and technology entrepreneurship. In her 2009 book, Harboring Data: Information Security, Law, and the Corporation, Matwyshyn dives into the common mistakes companies make after suffering data breaches, as well the weaknesses in federal law when it comes to protecting the privacy of both health and financial data.

In recent months, the cyberattacks on the Sony, Jeep, and Ashley Madison websites have captured headlines and highlighted the failure of information security.

Matwyshyn, who noted that Northeastern’s emphasis on growing its information security profile drew her to campus, says that every hack is a reminder for companies to regularly check their cybersecurity systems. As she explains, “Those types of situations highlight the need for constant vigilance with respect to the integrity and confidentiality of information.”

Cookies on Northeastern sites

This website uses cookies and similar technologies to understand your use of our website and give you a better experience. By continuing to use the site or closing this banner without changing your cookie settings, you agree to our use of cookies and other technologies. To find out more about our use of cookies and how to change your settings, please go to our Privacy Statement.