Travis D. Breaux, Assistant Professor of Computer Science, Carnegie Mellon University presented interesting thoughts on regulatory patterns during the Berkeley Center of Law and Technology “Technology, Transforming the Regulatory Endeavor” symposium.

He suggested that the following regulatory “Patterns” that should be followed in drafting regulations. Regulations  should:

1. Allow suspending the course of a prescribed action when appropriate. An example is suspending required notification during a police investigation.
2. Allow design alternatives by giving guidance not implementation details. This allows for technology change, for example. An example might be allowing a change of notification from paper mail to email by not being prescriptive in mechanism.
3. Support thresholds and exceptions. For example, allow substituting a notice on a web site rather than individual notices, to enable scaling.
4. Enable indemnification. An example is to generally require use of encryption but with exception if credit card processing rules are met.
5. Support prohibitions. For example disallow use of SSN unless already used, then require notification of continued use and allow people to prohibit its use.