Much Ado About Notification

7 Pages Posted: 24 Apr 2006

See all articles by Thomas M. Lenard

Thomas M. Lenard

Technology Policy Institute

Paul H. Rubin

Emory University - Department of Economics


Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, we estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.

Keywords: data security, data security breaches, notification, fraud, legislation, lenard, rubin, cost of security breaches, market responses, improved security, identity theft, costs of notification

JEL Classification: K4, K40, K42, K49, K39, K23, K10, K100

Suggested Citation

Lenard, Thomas M. and Rubin, Paul H., Much Ado About Notification. Regulation, Vol. 29, No. 1, pp. 44-50, Spring 2006, Emory Law and Economics Research Paper No. 06-08, Available at SSRN:

Thomas M. Lenard (Contact Author)

Technology Policy Institute ( email )

1401 Eye St. NW
Suite 505
Washington, DC 20005
United States
(202) 828 4405 (Phone)

Paul H. Rubin

Emory University - Department of Economics ( email )

1602 Fishburne Drive
Atlanta, GA 30322
United States
404-931-0493 (Phone)
630-604-9609 (Fax)


Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics