Much Ado About Notification

7 Pages Posted: 24 Apr 2006

See all articles by Thomas M. Lenard

Thomas M. Lenard

Technology Policy Institute

Paul H. Rubin

Emory University - Department of Economics


Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, we estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.

Keywords: data security, data security breaches, notification, fraud, legislation, lenard, rubin, cost of security breaches, market responses, improved security, identity theft, costs of notification

JEL Classification: K4, K40, K42, K49, K39, K23, K10, K100

Suggested Citation

Lenard, Thomas M. and Rubin, Paul H., Much Ado About Notification. Regulation, Vol. 29, No. 1, pp. 44-50, Spring 2006, Emory Law and Economics Research Paper No. 06-08, Available at SSRN:

Thomas M. Lenard (Contact Author)

Technology Policy Institute ( email )

1401 Eye St. NW
Suite 505
Washington, DC 20005
United States
(202) 828 4405 (Phone)

Paul H. Rubin

Emory University - Department of Economics ( email )

1350 Main Steet #1703
Sarasota, FL 34236
United States
14049310493 (Phone)


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics