The legal landscape of information security

Scales

Some lawyers thrive on change and evolution, according to new Northeastern University School of Law professor Andrea Matwyshyn.

She is a prime example, devoting her legal career to what she describes as one of the most fluid fields of the past 15 years: information security.

andrea250

School of Law professor Andrea Matwyshyn Courtesy photo

“Information technology innovation and security are clearly the most pressing issues of our time with regard to markets and national security,” says Matwyshyn, who joined the law school’s faculty this summer.

This fall she is teaching a course dedicated to the evolution of Internet law, with a particular focus on intellectual property, contracts, privacy, and security. She’s also teaching a seminar on information security, which spotlights the emerging debate in Washington between security research and policy.

Information security, as Matwyshyn puts it, “is a course that significantly evolves each year.”

“Certainly,” she adds, “the reality of technology development and innovative new business models, as well as the evolution of more successful cyberattacks on networks, are influences on the seminar’s content.”

Matwyshyn’s research, meanwhile, focuses on the legal implications of innovation and how the changing dynamics of information security and consumer privacy impact innovation and technology entrepreneurship. In her 2009 book, Harboring Data: Information Security, Law, and the Corporation, Matwyshyn dives into the common mistakes companies make after suffering data breaches, as well the weaknesses in federal law when it comes to protecting the privacy of both health and financial data.

In recent months, the cyberattacks on the Sony, Jeep, and Ashley Madison websites have captured headlines and highlighted the failure of information security.

Matwyshyn, who noted that Northeastern’s emphasis on growing its information security profile drew her to campus, says that every hack is a reminder for companies to regularly check their cybersecurity systems. As she explains, “Those types of situations highlight the need for constant vigilance with respect to the integrity and confidentiality of information.”