Download This Paper

Open PDF in Browser

Add Paper to My Library

Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated)

Journal of Policy Analysis and Management, Vol. 30, No. 2, pp. 256-286, 2011

42 Pages Posted: 19 Sep 2008 Last revised: 13 Oct 2013

See all articles by Sasha Romanosky

Sasha Romanosky

RAND Corporation; Carnegie Mellon University - Heinz College of Information Systems and Public Policy

Rahul Telang

Carnegie Mellon University - H. John Heinz III School of Public Policy and Management

Alessandro Acquisti

Carnegie Mellon University - H. John Heinz III School of Public Policy and Management

Date Written: September 16, 2008

Abstract

In the United States, identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches. Many states have responded by adopting “data breach disclosure laws” that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce identity theft, their effect has yet to be empirically measured. We use panel data from the U.S. Federal Trade Commission to estimate the impact of data breach disclosure laws on identity theft from 2002 to 2009. We find that adoption of data breach disclosure laws reduce identity theft caused by data breaches by 6.1 percent, on average.

Keywords: data breach disclosure, security breach notification, economics of information security, identity theft, fixed effects regression, difference in difference estimation

JEL Classification: C23, K10, L51

Suggested Citation: Suggested Citation

Romanosky, Sasha and Telang, Rahul and Acquisti, Alessandro, Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated) (September 16, 2008). Journal of Policy Analysis and Management, Vol. 30, No. 2, pp. 256-286, 2011, Available at SSRN: https://ssrn.com/abstract=1268926

Sasha Romanosky (Contact Author)

RAND Corporation ( email )

1776 Main Street
P.O. Box 2138
Santa Monica, CA 90407-2138
United States

Carnegie Mellon University - Heinz College of Information Systems and Public Policy ( email )

Pittsburgh, PA 15213-3890
United States

Rahul Telang

Carnegie Mellon University - H. John Heinz III School of Public Policy and Management ( email )

4800 Forbes Ave
Pittsburgh, PA 15213-3890
United States
412-268-1155 (Phone)

Alessandro Acquisti

Carnegie Mellon University - H. John Heinz III School of Public Policy and Management ( email )

Pittsburgh, PA 15213-3890
United States
412-268-9853 (Phone)
412-268-5339 (Fax)

Download This Paper

Open PDF in Browser

Do you have a job opening that you would like to promote on SSRN?

Place Job Opening

Paper statistics

Downloads

1,173

Abstract Views

12,181

Rank

28,315

PlumX Metrics

Recommended Papers

Uses and Abuses of Empirical Evidence in the Death Penalty Debate

By John J. Donohue and Justin Wolfers

Uses and Abuses of Empirical Evidence in the Death Penalty Debate

By Justin Wolfers and John J. Donohue

Uses and Abuses of Empirical Evidence in the Death Penalty Debate

By Justin Wolfers and John J. Donohue

Does Capital Punishment Have a Deterrent Effect? New Evidence from Post-Moratorium Panel Data

By Hashem Dezhbakhsh, Paul H. Rubin, ...

Shooting Down the More Guns, Less Crime Hypothesis

By Ian Ayres and John J. Donohue

Shooting Down the More Guns, Less Crime Hypothesis

By Ian Ayres and John J. Donohue

On the Issue of Causality in the Economic Model of Crime and Law Enforcement: Some Theoretical Considerations and Experimental Evidence

By Isaac Ehrlich and George Brower

Feedback