Sasha Romanosky

RAND Corporation

Policy Researcher

1776 Main Street

P.O. Box 2138

Santa Monica, CA 90407-2138

United States

Carnegie Mellon University - Heinz College of Information Systems and Public Policy

Pittsburgh, PA 15213-3890

United States

SCHOLARLY PAPERS

12

DOWNLOADS
Rank 10,341

SSRN RANKINGS

Top 10,341

in Total Papers Downloads

8,915

SSRN CITATIONS
Rank 14,292

SSRN RANKINGS

Top 14,292

in Total Papers Citations

72

CROSSREF CITATIONS

35

Scholarly Papers (12)

1.

Empirical Analysis of Data Breach Litigation

Journal of Empirical Legal Studies 11(1):74-104 01 Mar 2014 https://doi.org/10.1111/jels.12035, Temple University Legal Studies Research Paper No. 2012-30
Number of pages: 30 Posted: 16 Jan 2012 Last Revised: 18 Jan 2023
Sasha Romanosky, David A. Hoffman and Alessandro Acquisti
RAND Corporation, University of Pennsylvania Carey Law School and Carnegie Mellon University - H. John Heinz III School of Public Policy and Management
Downloads 3,735 (5,925)
Citation 27

Abstract:

Loading...

data breach, identity theft, privacy litigation, docket analysis, docketology

2.

Content Analysis of Cyber Insurance Policies: How Do Carriers Write Policies and Price Cyber Risk?

Number of pages: 38 Posted: 10 Mar 2017
Sasha Romanosky, Lilian Ablon, Andreas Kuehn and Therese Jones
RAND Corporation, RAND Corporation, RAND Corporation and RAND Corporation
Downloads 1,477 (25,545)
Citation 31

Abstract:

Loading...

Cyber Insurance, Cyber Liability, Pricing Cyber Risk

3.

Privacy Costs and Personal Data Protection: Economic and Legal Perspectives

Berkeley Technology Law Journal, Vol. 24, No. 3, 2009
Number of pages: 41 Posted: 13 Dec 2009 Last Revised: 13 Apr 2010
Sasha Romanosky and Alessandro Acquisti
RAND Corporation and Carnegie Mellon University - H. John Heinz III School of Public Policy and Management
Downloads 1,329 (29,878)
Citation 5

Abstract:

Loading...

information disclosure, security breach notification, data breaches, identity theft, privacy costs, ex ante safety regulation, ex post liability

4.

Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated)

Journal of Policy Analysis and Management, Vol. 30, No. 2, pp. 256-286, 2011
Number of pages: 42 Posted: 19 Sep 2008 Last Revised: 13 Oct 2013
Sasha Romanosky, Rahul Telang and Alessandro Acquisti
RAND Corporation, Carnegie Mellon University - H. John Heinz III School of Public Policy and Management and Carnegie Mellon University - H. John Heinz III School of Public Policy and Management
Downloads 1,241 (32,966)
Citation 1

Abstract:

Loading...

data breach disclosure, security breach notification, economics of information security, identity theft, fixed effects regression, difference in difference estimation

5.

Building Common Approaches for Cybersecurity and Privacy in a Globalized World

Number of pages: 152 Posted: 24 Jan 2020
NYU Center for Cybersecurity (CCS), Humboldt University of Berlin, RAND Corporation, University of Passau, Indiana University - Kelley School of Business - Department of Business Law, George Washington University School of Law, University Grenoble-Alpes, CESICE, France. Senior Fellow Cross Border Data Forum & Future of Privacy Forum, Georgia Institute of Technology - Scheller College of Business, Columbia University, School for International and Public Affairs, Stiftung Neue Verantwortung, Alexander von Humboldt Institute for Internet and Society, Boston University - Department of Computer Science and Cisco Systems, Inc.
Downloads 530 (103,200)
Citation 1

Abstract:

Loading...

Cyber Security, Privacy, Data Protection, Transatlantic Relations, Internet

6.

Cyber Crime: Security Under Scarce Resources

American Foreign Policy Council Defense Technology Program Brief, No. 11, June 2015
Number of pages: 10 Posted: 27 Jun 2015
Trey Herr and Sasha Romanosky
American University - School of International Service and RAND Corporation
Downloads 394 (146,494)

Abstract:

Loading...

cyber crime, crime, economics of information security, malware, cyber insurance

7.

Enterprise Risk Management: Understanding the Role of Cyber Risk

TPRC49: The 49th Research Conference on Communication, Information and Internet Policy
Number of pages: 1 Posted: 13 Aug 2021
Sasha Romanosky and Elizabeth Petrun Sayers
RAND Corporation and RAND Corporation
Downloads 113 (467,813)
Citation 2

Abstract:

Loading...

cyber risk, enterprise risk management, ERM

8.

Do Data Breach Disclosure Laws Reduce Identity Theft?

Journal of Policy Analysis and Management, 30(2), 256--286 (2011) https://doi.org/10.1002/pam.20567
Number of pages: 30 Posted: 06 Jan 2019 Last Revised: 17 Nov 2021
Sasha Romanosky, Rahul Telang and Alessandro Acquisti
RAND Corporation, Carnegie Mellon University - H. John Heinz III School of Public Policy and Management and Carnegie Mellon University - H. John Heinz III School of Public Policy and Management
Downloads 71 (626,836)
Citation 10

Abstract:

Loading...

Data Breach, Disclosure Laws, Identity Crimes

9.

Mapping the Cyberstalking Landscape: An Empirical Analysis of Federal U.S. Crimes

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Number of pages: 11 Posted: 22 Aug 2023
Sasha Romanosky and Pete Schirmer
RAND Corporation and RAND Corporation
Downloads 25 (937,298)

Abstract:

Loading...

cyberstalking, PACER, docketology, cyber crime, natural language processing, network analysis

10.

Privacy Patterns for Online Interactions

PLoP '06: Proceedings of the 2006 Conference on Pattern Languages of Programs 12, 1–9, October 21-23, 2006 https://doi.org/10.1145/1415472.1415486
Posted: 02 Dec 2022
RAND Corporation, Carnegie Mellon University - H. John Heinz III School of Public Policy and Management, Carnegie Mellon University - School of Computer Science, Carnegie Mellon University - School of Computer Science and Carnegie Institute of Technology and affiliation not provided to SSRN

Abstract:

Loading...

Privacy Pattersn, Security, Asymmetric Information, Signaling, Informed Consent

11.

Exploit Prediction Scoring System (EPSS)

Digital Threats Research and Practice. Forthcomng., TPRC48: The 48th Research Conference on Communication, Information and Internet Policy
Posted: 17 Dec 2020
Cyentia, RAND Corporation, Cyentia, Kenna Security and Pamplin College of Business

Abstract:

Loading...

EPSS, vulnerability management, exploited vulnerability, CVSS, security risk management

12.

Data Breaches and Identity Theft: When is Mandatory Disclosure Optimal?

TPRC 2010
Posted: 23 Jan 2012
Sasha Romanosky, Alessandro Acquisti and Richard Sharp
RAND Corporation, Carnegie Mellon University - H. John Heinz III School of Public Policy and Management and affiliation not provided to SSRN

Abstract:

Loading...

Other Papers (2)

Total Downloads: 165
1.

Do Data Breach Disclosure Laws Reduce Identity Theft?

5th Annual Conference on Empirical Legal Studies Paper
Number of pages: 42 Posted: 16 Jul 2010 Last Revised: 22 Oct 2010
Sasha Romanosky, Rahul Telang and Alessandro Acquisti
RAND Corporation, Carnegie Mellon University - H. John Heinz III School of Public Policy and Management and Carnegie Mellon University - H. John Heinz III School of Public Policy and Management
Downloads 89

Abstract:

Loading...

Data breach disclosure, security breach notification, economics of information security, identity theft, fixed effects regression, difference in difference estimation

2.

Empirical Analysis of Data Breach Litigation

Number of pages: 27 Posted: 14 Jul 2011
Sasha Romanosky, David A. Hoffman and Alessandro Acquisti
RAND Corporation, University of Pennsylvania Carey Law School and Carnegie Mellon University - H. John Heinz III School of Public Policy and Management
Downloads 76

Abstract:

Loading...

data breach, data breach litigation, docket analysis, identity theft