|
|
|
|
||||
|
||||
Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated)Sasha RomanoskyCarnegie Mellon University - Heinz College of Information Systems and Public Policy Rahul TelangCarnegie Mellon University - H. John Heinz III School of Public Policy and Management Alessandro AcquistiCarnegie Mellon University - H. John Heinz III School of Public Policy and Management September 16, 2008 Journal of Policy Analysis and Management, Vol. 30, No. 2, pp. 256-286, 2011 Abstract: In the United States, identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches. Many states have responded by adopting “data breach disclosure laws” that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce identity theft, their effect has yet to be empirically measured. We use panel data from the U.S. Federal Trade Commission to estimate the impact of data breach disclosure laws on identity theft from 2002 to 2009. We find that adoption of data breach disclosure laws reduce identity theft caused by data breaches by 6.1 percent, on average.
Number of Pages in PDF File: 42 Keywords: data breach disclosure, security breach notification, economics of information security, identity theft, fixed effects regression, difference in difference estimation JEL Classification: C23, K10, L51 Accepted Paper SeriesDate posted: September 19, 2008 ; Last revised: February 21, 2012Suggested CitationContact Information
|
|
|||||||||||||||||||||||||||||||
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
FAQ
Terms of Use
Privacy Policy
Copyright
This page was processed by apollo2 in 0.453 seconds
