Empirical Analysis of Data Breach Litigation

Romanosky, Sasha; Hoffman, David A.; Acquisti, Alessandro

doi:10.1111/jels.12035

Cited by 114 publications

(59 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These consumer actions should also be comforting to breached firms that are providing such assistance. Given that past research has shown that firms are less likely to be sued when they provide credit monitoring (Romanosky, Hoffman, and Acquisti, 2014), higher acceptance rates will likely further help reduce civil litigation costs.…”

Section: Discussionmentioning

confidence: 99%

“…A NetDiligence study using anonymous cyber insurance claim data from 2014 reported that personal information was the most frequently exposed type of data (41 percent of breaches, n = 117), followed by personal health information (21 percent) and then credit card information (19 percent) (NetDiligence, 2014). Further, Romanosky, Hoffman, and Acquisti, 2014, found that the most-common personal information stolen was name, address, and Social Security number (77 percent of breaches, n = 1,772), followed by credit card and health information (12 percent). 18 We cannot comment on the absolute percentage of respondents who lost such information because of the potential overlap between discrete categories of information.…”

Section: Health Information 21mentioning

confidence: 99%

“…However, there is a relatively small body of research on the different forms of data compromised in these breaches (Romanosky, Hoffman, and Acquisti, 2014). Therefore, we asked respondents to identify the types of data lost in the most-recent breach notification they received.…”

Section: Types Of Data Compromisedmentioning

confidence: 99%

See 2 more Smart Citations

Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information

Ablon¹,

Heaton²,

Lavery³

et al. 2016

Self Cite

View full text Add to dashboard Cite

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions.html.The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest.RAND's publications do not necessarily reflect the opinions of its research clients and sponsors. For more information on this publication, visit www.rand.org/t/rr1187Published by the RAND Corporation, Santa Monica, Calif. © Copyright 2016 RAND CorporationR® is a registered trademark. Cover: Image via pathdoc/Fotoliaiii Preface Data breaches continue to plague private-sector companies, nonprofit organizations, and government agencies. Although spending on cybersecurity continues to grow, companies are still being breached, and sensitive personal, financial, and health information is still being compromised. As of March 2016, 47 states and the District of Columbia have adopted laws that require companies to notify individuals in the event that their personal information is lost or stolen. This report sets out the results of a study of consumer attitudes toward data breaches, notifications that a breach has occurred, and company responses to such events.The report should provide valuable information that can be used by businesses and policymakers as they develop policies and best practices related to information security and data breach response. Moreover, it should be of interest to individuals who conduct business with any organization that holds their personal and confidential data. RAND Institute for Civil JusticeThe RAND Institute for Civil Justice (ICJ) is dedicated to improving the civil justice system by supplying policymakers and the public with rigorous and nonpartisan research. Its studies identify trends in litigation and inform policy choices about liability, compensation, regulation, risk management, and insurance. The institute builds on a long tradition of RAND Corporation research characterized by an interiv Consumer Attitudes Toward Data Breach Notifications disciplinary, empirical approach to public policy issues and rigorous standards of quality, objectivity, and independence.ICJ research is supported by pooled grants from a range of sources, including corporations, trade and professional associations, individuals, government agencies, and private foundations. All its reports are subject to peer review and disseminated widely to policymakers, practitioners in law and business, other r...

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Health Information 21mentioning

confidence: 99%

See 1 more Smart Citation

Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information

Ablon¹,

Heaton²,

Lavery³

et al. 2016

Self Cite

View full text Add to dashboard Cite

show abstract

“…Different countries in the world use different definitions of personal data and apply different rules governing its collection and use. As a result, businesses operating in a digital economy without borders are exposed to legal and enforcement risks (Romanosky et al 2012 ) that are hard to quantify. Other liabilities arise from the risk that large collections of personal data become targets of cybercrime, in particular when they include identifying or financial information.…”

Section: Why Personal Data Markets Mattermentioning

confidence: 99%

The challenges of personal data markets and privacy

et al. 2015

Self Cite

View full text Add to dashboard Cite

“…For example, individuals may suffer from discrimination or identity theft. Likewise, organizations may suffer from negative publicity, fines or other sanctions [18]. Hence, this data must be anonymized before being shared for analysis.…”

Section: Introductionmentioning

confidence: 99%