Much Ado About Notification: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 22: Line 22:


==Synopsis==
==Synopsis==
Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study, based on a [[http://cyber.law.harvard.edu/cybersecurity/An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches|previous article]] by both authors, finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, the authors estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.
==Additional Notes and Highlights==


Outline:
Outline:
Line 41: Line 44:
     Effect of Inconsistencies
     Effect of Inconsistencies
   Conclusion
   Conclusion
 
 
 
Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, the authors estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.
==Additional Notes and Highlights==
'' * Outline key points of interest

Revision as of 14:52, 28 June 2010

Full Title of Reference

Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers?

Full Citation

Thomas M. Lenard and Paul H. Rubin, Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers?, Regulation, Vol. 29, No. 1 (2006). Web

BibTeX

SSRN

Categorization

Key Words

Credit Card Fraud, Disclosure Policy, Identity Fraud/Theft

Synopsis

Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study, based on a [article] by both authors, finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, the authors estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.

Additional Notes and Highlights

Outline: 

 The Costs of Security Breaches
 Market Responses
    Improved Security
    Notification
 Benefits of Notification
    Reduced Benefits
    Consumer Response
 Costs of Notification
    Direct Costs
    Costs of Consumers' Actions
    Information Costs
 Are the Benefits Greater Than the Costs?
 Federal Preemption
    Federalism's Benefits
    Inconsistencies
    Effect of Inconsistencies
 Conclusion
Retrieved from "http://cyber.harvard.edu/cybersecurity/?title=Much_Ado_About_Notification&oldid=2531"