Data Breaches and Identity Theft: When is Mandatory Disclosure Optimal?

نویسندگان

  • Sasha Romanosky
  • Richard Sharp
  • Alessandro Acquisti
چکیده

In order to reduce identity theft and consumer loss caused by data breaches, many U.S. states have enacted laws requiring firms to notify individuals when their personal information has been stolen or lost. The effect of these disclosure laws has yet to be rigorously tested, and some claim that they only serve to burden firms and consumers with unnecessary costs. Leveraging the economic analysis of accident law, we examine whether mandatory disclosure policies can ever reduce overall social costs by inducing firms and consumers to take optimal care. Using both analytical and numerical modeling, we show that even though firm costs will be higher under disclosure regimes, firms can be induced to increase their investment in care, which may lower social costs. Moreover, disclosure can induce consumers to increase their level of care, thus lowering their total costs. Finally, we find that the change in social costs are typically increasing in disclosure ‘tax’ (costs imposed on firms due to disclosure laws) and decreasing in consumer redress (compensation paid to consumers by firms). However, when firms compensate consumers for only a small amount of loss, some disclosure tax may be necessary to optimally reduce social costs.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Do Data Breaches Disclosure Laws Reduce Identity Theft?

Identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with about 30% of known identity thefts caused by corporate data breaches. Many US states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce identity theft, their full effe...

متن کامل

Do Data Breach Disclosure Laws Reduce Identity Theft?

Identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with about 30% of known identity thefts caused by corporate data breaches. Many US states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce losses, their full effects have...

متن کامل

What caused the breach? An examination of use of information technology and health data breaches.

Data breaches arising from theft, loss, unauthorized access/disclosure, improper disclosure, or hacking incidents involving personal health information continue to increase every year. As of September 2013, reported breaches affecting individuals reached close to 27 million since 2009, when compilation of records on breaches began. These breaches, which involved 674 covered entities and 153 bus...

متن کامل

The Significance of Mandatory Data Breach Warnings to Identity Crime

The relationship between data breaches and identity crime has been scarcely explored in current literature. However, there is an important relationship between the misuse of personal identification information and identity crime as the former is in many respects the catalyst for the latter. Data breaches are one of the ways in which this personal identification information is obtained by identi...

متن کامل

Is your practice at risk for medical identity theft?

Medical identity theft has become increasingly prevalent. Medical practices need to take action and have policies and procedures in place to prevent data breaches. This will protect both the patient and the practice from medical identity theft.

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2010