Weather Alert Block

Penn State
Lewis Katz Building, University Park, PA
twitter   facebook   linkedin   Instagram   webmail
Give Now Apply Now

Andrea M. Matwyshyn

Andrea Matwyshyn

Associate Dean for Innovation and Technology
Founding Director, Penn State PILOT Lab
Professor of Law and Engineering Policy
Affiliate Faculty, Bioethics Program, College of the Liberal Arts

Curriculum Vitae


Ph.D., Human Development and Social Policy (applied developmental psychology), Northwestern University
J.D. with Honors, Northwestern University School of Law
M.A, International Relations, Northwestern University
B.A. with Honors, Northwestern University

Andrea Matwyshyn is founding director of the Penn State PILOT Lab (Policy Innovation Lab of Tomorrow), an interdisciplinary technology policy lab, and a professor with Penn State Law and the College of Engineering. She is an academic and author whose work focuses on technology and information policy and law, particularly information security/”cybersecurity,” artificial intelligence, consumer privacy, intellectual property, health technology, and technology workforce pipeline policy. Previously, she was professor of law/professor of computer science (by courtesy) at Northeastern University, where she served as co-director of the Center for Law, Innovation, and Creativity (CLIC). She is a faculty affiliate of the Center for Internet and Society at Stanford Law School and as a senior fellow of the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcraft Center on International Security.

Professor Matwyshyn has worked in both the public and private sectors. In 2014, she served as the senior policy advisor/academic in residence at the U.S. Federal Trade Commission. As public service, she has testified in Congress on issues of information security regulation, and she maintains ongoing policy engagement. Prior to becoming an academic, she was a corporate attorney in private practice, focusing her work on technology transactions. She continues to maintain collaborative technology industry relationships and has authored articles for the popular business press, including The Wall Street Journal.

Professor Matwyshyn has previously held primary appointments in University of Pennsylvania’s Wharton School, Northwestern University School of Law, and the University of Florida Levin College of Law. She also has held visiting appointments or affiliations at the University of Oxford, University of Cambridge, University of Edinburgh, Singapore Management University, Indian School of Business, University of Notre Dame, and Princeton University, where she was the Microsoft Visiting Professor of Information Technology Policy during 2014-15. Professor Matwyshyn was a U.S.-U.K. Fulbright Commission Cyber Security Scholar award recipient in 2016-17.


HARBORING DATA: INFORMATION SECURITY, LAW AND THE CORPORATION, Stanford University Press (2009) (editor and contributor).


Major Legal Articles

The Internet of Bodies, 60 William & Mary Law Review _ (2019) (forthcoming).

Broken (with Stephanie K. Pell), _ Harvard Journal Law & Technology _ (2019)(forthcoming).

CYBER!,  2017 BYU Law Review 1109 (2018).

Privacy, the Hacker Way, 87 Southern California Law Review 1 (2014).

Hacking Speech, 107 Northwestern Law Review 795 (2013).

The Law of the Zebra, 28 Berkeley Technology Law Journal 1 (2013).

Generation C: Childhood, Code and Creativity, 87 Notre Dame Law Review 1979 (2012).

Hidden Engines of Destruction: The Reasonable Expectation of Code Safety and the Duty to Warn in Digital Products, 62 Florida Law Review 1 (2010).

Imagining the Intangible, 34 Delaware Journal Corporate Law 3 (2009).

Technoconsen(t)sus, 85 Washington University Law Review 529 (2007).

Material Vulnerabilities: Data Privacy, Corporate Information Security and Securities Regulation, 3 Berkeley Business Law Journal 129 (2005).

Of Nodes and Power Laws: A Network Theory Approach to Internet Jurisdiction through Data Privacy, 98 Northwestern Law Review 493 (2004).

Other Law Review Articles and Projects

Unavailable, 81 University of Pittsburgh Law Review _ (2019) (forthcoming).

Cyber Harder, 24 BU Technology Law Journal 450 (2018).

User Resilience: Building Better Users, 63 Federal Communications Law Journal 391 (2011).
Corporate Cyborgs and Technology Risks, 11 Minnesota Journal of Law, Science & Technology 573 (2010).

Data Devolution: Corporate Information Security, Consumers and the Future of Regulation symposium (organizer, editor and contributor), 84 Chicago Kent Law Review 713 (2010).

Technology, Commerce, Development, Identity, 8 Minnesota Journal of Law, Science & Technology 515 (2007).

Penetrating the Zombie Collective: Spam as an International Security Issue, 4 SCRIPTed (2006).

Organizational Code: A Complexity Theory Perspective on Technology and Intellectual Property Regulation, FOREWORD, 11 Journal of Technology Law & Policy 1 (2006).

Silicon Ceilings: Information Technology Equity, the Digital Divide and the Gender Gap Among Information Technology Professionals, 2 Northwestern Journal of Technology & Intellectual Property 1 (2004).

Business Journal and Other Articles

The ‘Internet of Bodies’ Is Here. Are Courts and Regulators Ready?,  Wall Street Journal, Nov. 12, 2018.

Hackback in black, The Hill, Nov. 6, 2017 (with FTC Comm. Terrell McSweeny).

The Big Security Mistakes Companies Make When Buying Tech, Wall Street Journal, March 13, 2017.

Discussion of Online Display Advertising: Targeting and Obtrusiveness by Avi Goldfarb and Catherine Tucker, _ Marketing Science _ (2010).

CSR and the Corporate Cyborg: Ethical Corporate Information Security Practices, _ Journal of Business Ethics _ (2010).

Book review: Ian Kerr, Valerie Steeves, Carole Lucock (Eds.), Lessons from the Identity Trail (2009), _ IDIS _ (2009).

Behavioural Targeting of Online Advertisements and the Future of Data Protection, 20 Computers and Law _ (2009).

Book Chapters

Chapter 16: The New Intermediation: Contract, Identity and the Future of Internet Governance, In Research Handbook on Governance of the Internet, Ian Brown (ed.), Oxford Internet Institute, (forthcoming 2012).

Commentary: Social Media, Privacy and Children’s Development, in Diana T. Slaughter-Defoe, Race and Child Development, Karger (2012).

Mutually Assured Protection: Development of Relational Internet Security Contracting Norms, Chapter in A. Chander, L. Gelman, M. Radin (eds.), SECURING PRIVACY IN THE INTERNET AGE.  Stanford University Press (2008).

Chapter 10, in Cronin et al. West Treatise on Data Security and Privacy Law: Combating Cyberthreats, West-Thompson (2006) (updating and revising work of previous author Stephen M. Foxman).