Abstract

  
 

References (47)



 


 



Empirical Analysis of Data Breach Litigation


Sasha Romanosky


Carnegie Mellon University - Heinz College of Information Systems and Public Policy

David A. Hoffman


Temple University - James E. Beasley School of Law; Cultural Cognition Project at Yale Law School

Alessandro Acquisti


Carnegie Mellon University - H. John Heinz III School of Public Policy and Management
February 19, 2012

Temple University Legal Studies Research Paper No. 2012-30

Abstract:     
In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits from 2000 to 2010. We use binary outcome regressions to investigate two research questions: Which data breaches are being litigated in federal court? Which data breach lawsuits are settling? Our results suggest that the odds of a firm being sued in federal court are 3.5 times greater when individuals suffer financial harm, but over 6 times lower when the firm provides free credit monitoring following the breach. We also find that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit. While the compromise of financial information appears to lead to more federal litigation, it does not seem to increase a plaintiff’s chance of a settlement. Instead, compromise of medical information is more strongly correlated with settlement.

Number of Pages in PDF File: 28

Keywords: data breach, identity theft, privacy litigation, docket analysis, docketology

Accepted Paper Series


Download This Paper

Date posted: January 16, 2012 ; Last revised: August 15, 2012

Suggested Citation

Romanosky, Sasha, Hoffman, David A. and Acquisti, Alessandro, Empirical Analysis of Data Breach Litigation (February 19, 2012). Temple University Legal Studies Research Paper No. 2012-30. Available at SSRN: http://ssrn.com/abstract=1986461 or http://dx.doi.org/10.2139/ssrn.1986461

Contact Information

Sasha Romanosky (Contact Author)
Carnegie Mellon University - Heinz College of Information Systems and Public Policy ( email )
Pittsburgh, PA 15213-3890
United States
David A. Hoffman
Temple University - James E. Beasley School of Law ( email )
1719 N. Broad Street
Philadelphia, PA 19122
United States
215-204-0612 (Phone)
Cultural Cognition Project at Yale Law School
127 Wall St
New Haven, CT 06520
United States
Alessandro Acquisti
Carnegie Mellon University - H. John Heinz III School of Public Policy and Management ( email )
Pittsburgh, PA 15213-3890
United States
412-268-9853 (Phone)
412-268-5339 (Fax)
Feedback to SSRN (Beta)


Paper statistics
Abstract Views: 7,249
Downloads: 1,716
Download Rank: 3,658
References:  47

© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright
This page was processed by apollo1 in 0.437 seconds