Empirical Analysis of Data Breach Litigation

Journal of Empirical Legal Studies 11(1):74-104 01 Mar 2014 https://doi.org/10.1111/jels.12035

Temple University Legal Studies Research Paper No. 2012-30

30 Pages Posted: 16 Jan 2012 Last revised: 18 Jan 2023

See all articles by Sasha Romanosky

Sasha Romanosky

RAND Corporation; Carnegie Mellon University - Heinz College of Information Systems and Public Policy

David A. Hoffman

University of Pennsylvania Carey Law School

Alessandro Acquisti

Carnegie Mellon University - H. John Heinz III School of Public Policy and Management

Date Written: April 6, 2013

Abstract

In recent years, many lawsuits have been filed by individuals seeking legal redress for harms caused by the loss or theft of their personal information. However, very little is known about the drivers, mechanics, and outcomes of those lawsuits, making it difficult to assess the effectiveness of litigation at balancing organizations’ usage of personal data with individual privacy rights. Using a unique and manually-collected database, we analyze court dockets for over 230 federal data breach lawsuits from 2000 to 2010. We investigate two questions: Which data breaches are being litigated, and which data breach lawsuits are settling. Our results suggest that the odds of a firm being sued are 3.5 times greater when individuals suffer financial harm, but 6 times lower when the firm provides free credit monitoring. Moreover, defendants settle 30% more often when plaintiffs allege financial loss, or when faced with a certified class action suit. By providing the first comprehensive empirical analysis of data breach litigation, our findings offer insights in the debate over privacy litigation versus privacy regulation.

Keywords: data breach, identity theft, privacy litigation, docket analysis, docketology

Suggested Citation

Romanosky, Sasha and Hoffman, David A. and Acquisti, Alessandro, Empirical Analysis of Data Breach Litigation (April 6, 2013). Journal of Empirical Legal Studies 11(1):74-104 01 Mar 2014 https://doi.org/10.1111/jels.12035, Temple University Legal Studies Research Paper No. 2012-30, Available at SSRN: https://ssrn.com/abstract=1986461 or http://dx.doi.org/10.2139/ssrn.1986461

Sasha Romanosky (Contact Author)

RAND Corporation ( email )

1776 Main Street
P.O. Box 2138
Santa Monica, CA 90407-2138
United States

Carnegie Mellon University - Heinz College of Information Systems and Public Policy ( email )

Pittsburgh, PA 15213-3890
United States

David A. Hoffman

University of Pennsylvania Carey Law School ( email )

3501 Sansom Street
Philadelphia, PA 19104
United States

Alessandro Acquisti

Carnegie Mellon University - H. John Heinz III School of Public Policy and Management ( email )

Pittsburgh, PA 15213-3890
United States
412-268-9853 (Phone)
412-268-5339 (Fax)

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
3,680
Abstract Views
24,753
Rank
5,649
PlumX Metrics