Do Data Breach Disclosure Laws Reduce Identity Theft: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 6: Line 6:


Sasha Romanosky, Rahul Telang, Alessandro Acquisti, ''Do Data Breach Disclosure Laws Reduce Identity Theft ? '' (2007). (Workshop on the Economics of Information Security at Dartmouth College, Jun. 26, 2008). [http://weis2008.econinfosec.org/papers/Romanosky.pdf ''Web'']  
Sasha Romanosky, Rahul Telang, Alessandro Acquisti, ''Do Data Breach Disclosure Laws Reduce Identity Theft ? '' (2007). (Workshop on the Economics of Information Security at Dartmouth College, Jun. 26, 2008). [http://weis2008.econinfosec.org/papers/Romanosky.pdf ''Web'']  
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&action=viewsource&startkey=Romanosky_et_al:2008&f=wikibiblio.bib''BibTeX'']
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&action=viewsource&startkey=Romanosky_et_al:2008&f=wikibiblio.bib''BibTeX'']



Revision as of 10:02, 4 June 2010

Full Title of Reference

Do Data Breach Disclosure Laws Reduce Identity Theft?

Full Citation

Sasha Romanosky, Rahul Telang, Alessandro Acquisti, Do Data Breach Disclosure Laws Reduce Identity Theft ? (2007). (Workshop on the Economics of Information Security at Dartmouth College, Jun. 26, 2008). Web

BibTeX

Categorization

Issues: Information Sharing/Disclosure

Data Breach

Disclosure Laws

Identity Theft

Key Words

information security, disclosure policy, identity theft, security breach notification

Synopsis

Identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with about 30% of known identity thefts caused by corporate data breaches. Many US states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce identity theft, their full effects have yet to be empirically measured. We use panel from the US Federal Trade Commission with state and time fixed effects regression to estimate the impact of data breach disclosure laws on identity theft from 2002 to 2007. We find that adoption of data breach disclosure laws have a marginal effect on the incidences of identity thefts and reduce the rate by just under 2%, on average. While this effect is marginal, reducing identity theft is only one means by which these laws can be evaluated: we appreciate that they may have other benefits such as reducing the average victim's losses or improving a firm's security and operational practices.

Additional Notes and Highlights

Paper review from networkworld.com: "Do data-breach-disclosure laws reduce identity theft? Research attempts to answer the question"

Paper review from consumeraffairs.com: "Data Breach Disclosure Laws Don't Slow Down Identity Theft; Results of recent legislation called 'statistically insignificant'"