Much Ado About Notification

7 Pages Posted: 24 Apr 2006

See all articles by Thomas M. Lenard

Thomas M. Lenard

Technology Policy Institute

Paul H. Rubin

1350 Main St UNIT 1703


Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, we estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.

Keywords: data security, data security breaches, notification, fraud, legislation, lenard, rubin, cost of security breaches, market responses, improved security, identity theft, costs of notification

JEL Classification: K4, K40, K42, K49, K39, K23, K10, K100

Suggested Citation

Lenard, Thomas M. and Rubin, Paul H., Much Ado About Notification. Regulation, Vol. 29, No. 1, pp. 44-50, Spring 2006, Emory Law and Economics Research Paper No. 06-08, Available at SSRN:

Thomas M. Lenard (Contact Author)

Technology Policy Institute ( email )

1401 Eye St. NW
Suite 505
Washington, DC 20005
United States
(202) 828 4405 (Phone)

Paul H. Rubin

1350 Main St UNIT 1703 ( email )

1350 Main Steet #1703
Sarasota, FL 34236
United States
14049310493 (Phone)


Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics