Much Ado About Notification: Difference between revisions
| Line 22: | Line 22: | ||
==Synopsis== | ==Synopsis== | ||
Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study, based on a [http://cyber.law.harvard.edu/cybersecurity/An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches previous article] by both authors, finds that the costs of a notification requirement are likely to be substantially higher than the benefits. | Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study, based on a [http://cyber.law.harvard.edu/cybersecurity/An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches previous article] by both authors, finds that the costs of a notification requirement are likely to be substantially higher than the benefits. | ||
The authors find that even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, they estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual. | |||
According to the authors, in spite of growing perception that identity theft and related frauds are a large a growing problem, data are not consistent with that perception. The data indicate that identity theft has been either constant or diminishing over tome, and they take the view that calls for new regulations should be treated with skepticism. They also underline that the major cost of breach notification are incurred when consumers and firms overreact and take actions that are harmful to themselves and to the free flow of information. | |||
==Additional Notes and Highlights== | ==Additional Notes and Highlights== | ||
Revision as of 15:08, 28 June 2010
Full Title of Reference
Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers?
Full Citation
Thomas M. Lenard and Paul H. Rubin, Much Ado About Notification: Does the Rush to Pass State-Level Data Security Regulations Benefit Consumers?, Regulation, Vol. 29, No. 1 (2006). Web
Categorization
- Issues: Incentives; Information Sharing/Disclosure
- Approaches: Regulation/Liability
Key Words
Credit Card Fraud, Disclosure Policy, Identity Fraud/Theft
Synopsis
Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study, based on a previous article by both authors, finds that the costs of a notification requirement are likely to be substantially higher than the benefits.
The authors find that even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, they estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.
According to the authors, in spite of growing perception that identity theft and related frauds are a large a growing problem, data are not consistent with that perception. The data indicate that identity theft has been either constant or diminishing over tome, and they take the view that calls for new regulations should be treated with skepticism. They also underline that the major cost of breach notification are incurred when consumers and firms overreact and take actions that are harmful to themselves and to the free flow of information.
Additional Notes and Highlights
Outline:
The Costs of Security Breaches
Market Responses
Improved Security
Notification
Benefits of Notification
Reduced Benefits
Consumer Response
Costs of Notification
Direct Costs
Costs of Consumers' Actions
Information Costs
Are the Benefits Greater Than the Costs?
Federal Preemption
Federalism's Benefits
Inconsistencies
Effect of Inconsistencies
Conclusion