Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution?

Journal Article (2016)
Author(s)

F. Bisogni (TU Delft - Organisation & Governance)

Research Group
Organisation & Governance
Copyright
© 2016 F. Bisogni
DOI related publication
https://doi.org/10.5325/jinfopoli.6.2016.0154
More Info
expand_more
Publication Year
2016
Language
English
Copyright
© 2016 F. Bisogni
Research Group
Organisation & Governance
Volume number
6
Pages (from-to)
154-205
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

This article investigates the adequateness of data breach notification laws and the possible impact of a federal law in the United States. Based on the analysis of 445 notifications issued in 2014, three observations for law development are presented. First, the question about underreporting is raised and a possible option for facilitating its emergence is proposed. Second, the specification of the dates of the breach detection and of the breach itself are identified as essential to foster consumers’ reaction. Finally, a stricter regulation of the content of the notification is suggested to avoid firms minimizing the actual risk.

Files

Jinfopoli.6.2016.0154.pdf
(pdf | 2.74 Mb)
License info not available