Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005-2014

21 Pages Posted: 25 Jan 2015

See all articles by Philip N. Howard

Philip N. Howard

University of Washington - Department of Communication; University of Washington - Henry. M. Jackson School of International Studies; University of Washington - The Information School; University of Oxford - Oxford Internet Institute; University of Oxford - Oxford Internet Institute

Orsolya Gulyas

Vrije Universiteit Brussel (VUB) - Institute for European Studies; Central European University (CEU); University of Amsterdam

Date Written: October 2014

Abstract

A growing number of massive data breaches are degrading the personal privacy of people around the world. Data security and privacy policy are ongoing concerns in Europe. But it can be difficult to assess privacy breaches in Europe in particular, since many of the biggest incidents of compromised personal records involve people and organizations from around the world. This working paper offers early descriptive statistics and analysis of the first cross-national, systematized event log of data breaches in Europe.

Methodology. The sample frame includes major media news reports on compromised personal records and is unique for: - sampling 28 European Union member countries, plus Norway and Switzerland; - sampling from 2005 through the third quarter of 2014; - sampling credible news sources in national languages; - high social science standards for event database construction, with multiple sourcing, inter-coder reliability tests, recoding, and specific exclusion criteria.

Findings. A data breach is defined as any incident involving the loss or exposure of digital personal records. Personal records are defined as a) data containing privileged information about an individual that cannot be readily obtained through other public means and b) this information only known by an individual or by an organization under the terms of a confidentiality agreement. Preliminary analysis reveals that over the last decade:

Some 229 data breach incidents involved the personal records of people in Europe. Globally, all these incidents resulted in the loss of some 645 million records, though not all of these breaches exclusively involved people in Europe. Within Europe, we confirmed 200 cases involving people in Europe, and 227 million records lost in Europe-specific breaches.

The total population of the countries covered in this study is 524 million, and the total population of internet users in these countries is 409 million. Expressed in ratios, this means that for every 100 people in the study countries, 43 personal records have been compromised. For every 100 internet users in the study countries, 56 records have been compromised.

Fully 51 percent of all the breaches involved corporations and 89 percent of all the breached records were from compromised corporations. Among all the kinds of organizations from which personal records have been compromised, 41 percent of the incidents involved clear acts of theft by hackers, but 57 percent of the incidents involved organizational errors, insider abuse, or other internal mismanagement (2 percent unspecified).

The level of sophistication and detail in journalism about issues of privacy and personal data has increased, but is largely driven by national “mandatory reporting” rules in particular countries. In other words, we know most about data leaks in countries where organizations are required to report that personal records have been compromised.

Keywords: data breaches, data security, privacy policy, privacy breaches in Europe,

Suggested Citation

Howard, Philip N. and Gulyas, Orsolya, Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005-2014 (October 2014). Available at SSRN: https://ssrn.com/abstract=2554352 or http://dx.doi.org/10.2139/ssrn.2554352

Philip N. Howard (Contact Author)

University of Washington - Department of Communication ( email )

Seattle, WA 98195
United States
2062216532 (Phone)

HOME PAGE: http://www.philhoward.org

University of Washington - Henry. M. Jackson School of International Studies ( email )

Seattle, WA
United States

University of Washington - The Information School ( email )

Box 353350
Seattle, WA 98195
United States

University of Oxford - Oxford Internet Institute ( email )

1 St. Giles
University of Oxford
Oxford OX1 3PG Oxfordshire, Oxfordshire OX1 3JS
United Kingdom

University of Oxford - Oxford Internet Institute ( email )

1 St. Giles
University of Oxford
Oxford OX1 3PG Oxfordshire, Oxfordshire OX1 3JS
United Kingdom

Orsolya Gulyas

Vrije Universiteit Brussel (VUB) - Institute for European Studies ( email )

Pleinlaan 15
Brussels, 1050
Belgium

Central European University (CEU) ( email )

Nador utca 9
Budapest, H-1051
Hungary

University of Amsterdam ( email )

Spui 21
Amsterdam, 1018 WB
Netherlands

Register to save articles to
your library

Register

Paper statistics

Downloads
171
rank
166,583
Abstract Views
1,335
PlumX Metrics