Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution?

None, None

Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution?

Journal Article (2016)

Author(s)

F. Bisogni (TU Delft - Organisation & Governance)

Research Group

Organisation & Governance

Copyright

DOI related publication

https://doi.org/10.5325/jinfopoli.6.2016.0154

Identity theft Data breaches Data breach notification laws Notification

To reference this document use:

https://resolver.tudelft.nl/uuid:188e1f12-72ec-417d-8267-5a4c7be34e45

More Info

expand_more

Publication Year

2016

Language

English

Copyright

Research Group

Organisation & Governance

Volume number

6

Pages (from-to)

154-205

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

This article investigates the adequateness of data breach notification laws and the possible impact of a federal law in the United States. Based on the analysis of 445 notifications issued in 2014, three observations for law development are presented. First, the question about underreporting is raised and a possible option for facilitating its emergence is proposed. Second, the specification of the dates of the breach detection and of the breach itself are identified as essential to foster consumers’ reaction. Finally, a stricter regulation of the content of the notification is suggested to avoid firms minimizing the actual risk.

Files

Jinfopoli.6.2016.0154.pdf

(pdf | 2.74 Mb)

License info not available