More Than a Suspect: An Investigation into the Connection Between Data Breaches, Identity Theft, and Data Breach Notification Laws

None, None; None, None

More Than a Suspect: An Investigation into the Connection Between Data Breaches, Identity Theft, and Data Breach Notification Laws

Journal Article (2020)

Author(s)

F. Bisogni (TU Delft - Organisation & Governance)

Hadi Asghari (TU Delft - Organisation & Governance)

Research Group

Organisation & Governance

Copyright

DOI related publication

https://doi.org/10.5325/JINFOPOLI.10.2020.0045

Data breaches Data breach notification laws Identity theft

To reference this document use:

https://resolver.tudelft.nl/uuid:26c096c9-e97a-4033-8dc5-b930c0fb64e2

More Info

expand_more

Publication Year

2020

Language

English

Copyright

Research Group

Organisation & Governance

Volume number

10

Pages (from-to)

45-82

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

This article investigates the relationship between data breaches and identity theft, including the impact of Data Breach Notification Laws (DBNL) on these incidents (using empirical data and Bayesian modeling). We collected incident data on breaches and identity thefts over a 13-year timespan (2005–2017) in the United States. Our analysis shows that the correlation is driven by the size of a state. Enacting a DBNL still slightly reduces rates of identity theft; while publishing breaches notifications by Attorney Generals helps the broader security community learning about them. We conclude with an in-depth discussion on what the European Union can learn from the US experience.

Files

Jinfopoli.10.2020.0045.pdf

(pdf | 7.87 Mb)