Much Ado About Notification

7 Pages Posted: 24 Apr 2006

See all articles by Thomas M. Lenard

Thomas M. Lenard

Technology Policy Institute

Paul H. Rubin

Emory University - Department of Economics

Abstract

Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised to notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, we estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.

Keywords: data security, data security breaches, notification, fraud, legislation, lenard, rubin, cost of security breaches, market responses, improved security, identity theft, costs of notification

JEL Classification: K4, K40, K42, K49, K39, K23, K10, K100

Suggested Citation

Lenard, Thomas M. and Rubin, Paul H., Much Ado About Notification. Regulation, Vol. 29, No. 1, pp. 44-50, Spring 2006; Emory Law and Economics Research Paper No. 06-08. Available at SSRN: https://ssrn.com/abstract=898208

Thomas M. Lenard (Contact Author)

Technology Policy Institute ( email )

1401 Eye St. NW
Suite 505
Washington, DC 20005
United States
(202) 828 4405 (Phone)

Paul H. Rubin

Emory University - Department of Economics ( email )

1602 Fishburne Drive
Atlanta, GA 30322
United States
404-931-0493 (Phone)
630-604-9609 (Fax)

HOME PAGE: http://www.economics.emory.edu/Rubi.htm

Register to save articles to
your library

Register

Paper statistics

Downloads
98
Abstract Views
1,329
rank
277,279
PlumX Metrics