Bruce Schneier wrote:[snip]
What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem. Because the efficient market solution won't work, we're left with inefficient regulatory solutions. So now the question becomes: how do we make regulation as efficient as possible? I have some suggestions:
1. Broad privacy regulations are better than narrow ones.
2. Simple and clear regulations are better than complex and confusing ones.
3. It's far better to regulate results than methodology.
4. Penalties for bad behavior need to be expensive enough to make good behavior the rational choice.
We'll never get rid of the inefficiencies of regulation -- that's the nature of the beast, and why regulation only makes sense when the market fails -- but we can reduce them.