"Do the Benefits of Voluntarily Reporting Serious Data Breaches to the ICO Outweigh the Risk of Monetary Penalties?: A Theoretical Analysis"
Winchester Conference on Trust, Risk, Information and the Law, West Downs Campus, University of Winchester, UK, 29 April 2014

J. T. MANHIRE, Treasury Executive Institute - U.S. Department of the Treasury

The Upper Information Rights Tribunal in the UK recently held that controllers not required by law to report data breaches are still subject to monetary penalties even if they voluntarily report a breach. The Information Commissioner’s Office (ICO) and some information law experts stated that this holding notwithstanding, the economic benefits of self-reporting still outweigh the risk of penalties since the ICO considers self-reporting a mitigating factor in determining the amount of any fine. This paper attempts a theoretical analysis of controllers’ risk calculi to determine if they are truly better off self-reporting breaches. Based on historic ICO data, we first examine the claim that self-reporting mitigates a penalty’s magnitude. We then investigate whether the mitigation of penalty amounts alone is sufficient to persuade controllers that they are better off self-reporting given their “chances of being fined.” Conventional models use a fixed value for this probability in analyzing economic benefit. Through the employment of the principle of perspectivity, we show that for these models to accurately reflect experience we must modify our definition of the “chances of being fined” and factor in a controller’s decision to report or not report. Modifying the traditional models accordingly, we conclude that controllers as a population are currently not better off self-reporting. We close by offering specific suggestions for the ICO to create conditions where controllers will be better off self-reporting breaches even if they are fined.

"Statistically Insignificant Deaths: Disclosing Drug Harms to Investors (and Patients) Under SEC Rule 10b-5"
George Washington Law Review, Vol. 82, No. 1, pp. 111-173, 2013

GEORGE A. MOCSARY, Southern Illinois University at Carbondale - School of Law

This Article, using statistical tools and theory in conjunction with more standard legal approaches, argues that pharmaceutical manufacturers should disclose all cases of illness or injury associated with their products because this data is material to patients and their doctors, and therefore to Securities and Exchange Commission Rule 10b-5’s “reasonable investor.” Patient and investor interests complement each other in this context, so each will benefit from disclosures that interest the other. Because individuals process more information than traditional statistical tests convey, they act reasonably in expanding their treatment and investment criteria beyond statistical data. Moreover, two sets of expert intermediaries — doctors and professional investors — will be involved. Their expertise will contribute to a more accurate assessment of the risks that adverse-event reports may suggest a drug presents, and of the significance of these risks to shareholders. The Supreme Court’s reasons for not requiring full disclosure are out of place in the context of adverse-event reporting given Rule 10b-5’s pro-disclosure mandate and the fact that even seemingly singular and unconnected facts can substantially move investors’ and patients’ opinions about a drug’s safety, and thus its maker’s viability. A full-disclosure rule would place the determination of which facts are important into the hands of parties with “skin in the game” rather than regulators or self-interested drug makers.

"Incident Response Planning for Data Protection"

MUHAMMAD ADEEL JAVAID, Institute of Electrical and Electronics Engineers

The aim of this paper is to provide an advisory service to organizations in the context of facilitating the development of their CSIR capabilities. A great deal of work has been published regarding the basis of network security policies and the process of setting up CSIRs. This paper examines the implications of European privacy law – specifically the Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (95/46/EC) – for CSIRTs handling information relating to incidents. In particular it examines when and how it is appropriate for a CSIRT to use information itself, and the circumstances in which it may be appropriate to disclose it to others.

"Who Cares About the 85 Percent? Reconsidering Survey Evidence of Online Confusion in Trademark Cases"
96 J Pat Trademark Off Socy 265-297

DANIEL J. GERVAIS, Vanderbilt University - Law School
JULIE LATSKO, Vanderbilt University

There is an assumption in US trademark law that the protection of consumer interests -- a traditional pillar of trademark law -- is best achieved by enjoining a defendant's use of a mark that creates a likelihood of confusion (with the plaintiff's mark) for 15% or more (sometimes less) of relevant consumers. Courts often use survey evidence to determine the existence of a likelihood of confusion. This article argues that the interests of all consumers are relevant in that determination. This means that assessing the costs, if any, imposed on nonconfused consumers should also be part of the equation. This can be accomplished in part by making better use of verbatim answers and by taking a deeper look into the information conveyed by the survey. Likelihood of confusion analyses should be both quantitative and qualitative.


About this eJournal

This eJournal distributes working and accepted paper abstracts of articles, recently published articles, books, legislative reports, conferences, and other publications that address issues of interest to consumer law scholars and practitioners. Coverage includes legal issues pertaining to advertising, consumer reporting (including credit repair organizations), discrimination (including redlining), consumer disclosure (such as the Truth in Lending Act, the Real Estate Settlement Procedures Act, and consumer leasing), consumer fraud (including issues arising under the Federal Trade Commission Act, state UDAP statutes, odometer laws, referral sales, and bait and switch statutes), unconscionability, standard form contracts, consumer privacy (including telemarketing, spam, spyware, phishing, direct mail, financial privacy, common law privacy torts in consumer transactions, and online privacy), identity theft, data protection, cooling off rules (including door to door sales regulation), payment systems (such as credit and debit cards, internet payment issues, stored value cards (including gift cards and phone cards), and electronic transfers), warranties (including UCC warranties, lemon laws, and the Magnuson-Moss Warranty Act), consumer product safety, commercial speech doctrine, debt collection, repossession, predatory lending (including asset-based lending, equity stripping, flipping, balloon payments, negative amortization, loan packing, rate-risk disparities and yield-spread premiums), payday lending, usury, credit insurance, electronic shopping (including electronic signatures and records, formation of contracts, and payments), the holder in due course regulation, mortgages, student loans, repossession, foreclosure, regulation that pertains to consumer markets and enforcement of consumer laws (including class actions, preemption, arbitration, administrative enforcement, small claims courts and attorney's fees). 
The eJournal does not cover landlord-tenant issues or criminal law. The eJournal welcomes a broad range of methodological approaches, including conventional doctrinal analyses, law and economics approaches, historical discussions, socio-legal analyses, law and society approaches, discussions of consumer psychology that bear on legal issues, international law analyses and comparative law approaches.


Distributed by

Legal Scholarship Network (LSN), a division of Social Science Electronic Publishing (SSEP) and Social Science Research Network (SSRN)


