Team for Research in
Ubiquitous Secure Technology

Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated)
Sasha Romanosky, Rahul Telang, Alessandro Acquisti

Citation
Sasha Romanosky, Rahul Telang, Alessandro Acquisti. "Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated)". Journal of Policy Analysis and Management, 30(2):256-286, 2011.

Abstract
In the United States, identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches. Many states have responded by adopting “data breach disclosure laws” that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce identity theft, their effect has yet to be empirically measured. We use panel data from the U.S. Federal Trade Commission to estimate the impact of data breach disclosure laws on identity theft from 2002 to 2009. We find that adoption of data breach disclosure laws reduce identity theft caused by data breaches by 6.1 percent, on average.

Electronic downloads

Citation formats  
  • HTML
    Sasha Romanosky, Rahul Telang, Alessandro Acquisti. <a
    href="http://www.truststc.org/pubs/831.html"
    >Do Data Breach Disclosure Laws Reduce Identity Theft?
    (Updated)</a>, <i>Journal of Policy Analysis and
    Management</i>, 30(2):256-286,  2011.
  • Plain text
    Sasha Romanosky, Rahul Telang, Alessandro Acquisti. "Do
    Data Breach Disclosure Laws Reduce Identity Theft?
    (Updated)". <i>Journal of Policy Analysis and
    Management</i>, 30(2):256-286,  2011.
  • BibTeX
    @article{RomanoskyTelangAcquisti11_DoDataBreachDisclosureLawsReduceIdentityTheftUpdated,
        author = {Sasha Romanosky and Rahul Telang and Alessandro
                  Acquisti},
        title = {Do Data Breach Disclosure Laws Reduce Identity
                  Theft? (Updated)},
        journal = {Journal of Policy Analysis and Management},
        volume = {30},
        number = {2},
        pages = {pp.256-286},
        year = {2011},
        abstract = {In the United States, identity theft resulted in
                  corporate and consumer losses of $56 billion
                  dollars in 2005, with up to 35 percent of known
                  identity thefts caused by corporate data breaches.
                  Many states have responded by adopting âdata
                  breach disclosure lawsâ that require firms to
                  notify consumers if their personal information has
                  been lost or stolen. While the laws are expected
                  to reduce identity theft, their effect has yet to
                  be empirically measured. We use panel data from
                  the U.S. Federal Trade Commission to estimate the
                  impact of data breach disclosure laws on identity
                  theft from 2002 to 2009. We find that adoption of
                  data breach disclosure laws reduce identity theft
                  caused by data breaches by 6.1 percent, on average.},
        URL = {http://www.truststc.org/pubs/831.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.