Much Ado About Notification: Difference between revisions
(New page: ==Full Title of Reference== Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers? ==Full Citation== Thomas M. Lenard and Paul H. Ru...) |
No edit summary |
||
Line 5: | Line 5: | ||
==Full Citation== | ==Full Citation== | ||
Thomas M. Lenard and Paul H. Rubin, ''Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers?'', Regulation, Vol. 29, No. 1 (2006). | Thomas M. Lenard and Paul H. Rubin, ''Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers?'', Regulation, Vol. 29, No. 1 (2006). | ||
[http://www.cato.org/pubs/regulation/regv29n1/v29n1-5.pdf ''Web''] | [http://www.cato.org/pubs/regulation/regv29n1/v29n1-5.pdf ''Web''] | ||
Line 15: | Line 14: | ||
==Categorization== | ==Categorization== | ||
Issues: [[Information Sharing/Disclosure]] | *Issues: [[Information Sharing/Disclosure]] | ||
*Approaches: [[Regulation/Liability]] | |||
==Key Words== | ==Key Words== | ||
[[Keyword_Index_and_Glossary_of_Core_Ideas#Credit_Card_Fraud | Credit Card Fraud]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Disclosure_Policy | Disclosure Policy]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Identity_Fraud.2FTheft | Identity Fraud/Theft]] | |||
==Synopsis== | ==Synopsis== | ||
Outline: | |||
The Costs of Security Breaches | |||
Market Responses | |||
Improved Security | |||
Notification | |||
Benefits of Notification | |||
Reduced Benefits | |||
Consumer Response | |||
Costs of Notification | |||
Direct Costs | |||
Costs of Consumers' Actions | |||
Information Costs | |||
Are the Benefits Greater Than the Costs? | |||
Federal Preemption | |||
Federalism's Benefits | |||
Inconsistencies | |||
Effect of Inconsistencies | |||
Conclusion | |||
Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, the authors estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual. | Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, the authors estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual. |
Revision as of 14:48, 28 June 2010
Full Title of Reference
Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers?
Full Citation
Thomas M. Lenard and Paul H. Rubin, Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers?, Regulation, Vol. 29, No. 1 (2006). Web
Categorization
- Issues: Information Sharing/Disclosure
- Approaches: Regulation/Liability
Key Words
Credit Card Fraud, Disclosure Policy, Identity Fraud/Theft
Synopsis
Outline:
The Costs of Security Breaches Market Responses Improved Security Notification Benefits of Notification Reduced Benefits Consumer Response Costs of Notification Direct Costs Costs of Consumers' Actions Information Costs Are the Benefits Greater Than the Costs? Federal Preemption Federalism's Benefits Inconsistencies Effect of Inconsistencies Conclusion
Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, the authors estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.
Additional Notes and Highlights
* Outline key points of interest