Search GSSD

An Economic Analysis of Notification Requirements for Data Security Breaches

Asks whether or not the private market provides incentives to notify consumers of security breaches and whether or not notification makes sense in a cost-benefit analysis. The private market may not provide enough of an incentive for firms to secure their data and notify customers of any breaches. Monetary costs due to security breaches are very high, but the monetary benefits to notifying customers are small. However, there should be an incentive to invest heavily in security software since firms lose $50 billion annually due to identity theft and frauds. While the existence of an incentive to notify customers is unclear, firms must weight the benefits of notification against the costs.Discusses credit card fraud, disclosure policies, identity theft and identity fraud and transparency.
Thomas M. Lenard and Paul H. Rubin
Technology Policy Institute
Industry Focus: 
Information & Telecommunication
Internet & Cyberspace
Legal & Financial
Bibliographies & Reports