More Than a Suspect: An Investigation into the Connection Between Data Breaches, Identity Theft, and Data Breach Notification Laws

Fabio Bisogni,Hadi Asghari

doi:10.5325/jinfopoli.10.2020.0045

Fabio Bisogni, Hadi Asghari

Open Access

https://doi.org/10.5325/jinfopoli.10.2020.0045

Copy DOI

Journal: Journal of Information Policy	Publication Date: May 1, 2020
Citations: 1	License type: cc-by-nc-nd

Affiliation: Delft University of Technology

Abstract

Abstract This article investigates the relationship between data breaches and identity theft, including the impact of Data Breach Notification Laws (DBNL) on these incidents (using empirical data and Bayesian modeling). We collected incident data on breaches and identity thefts over a 13-year timespan (2005–2017) in the United States. Our analysis shows that the correlation is driven by the size of a state. Enacting a DBNL still slightly reduces rates of identity theft; while publishing breaches notifications by Attorney Generals helps the broader security community learning about them. We conclude with an in-depth discussion on what the European Union can learn from the US experience.

Full Text