
Making Data Breaches Public

By Peter Piazza

When sensitive consumer information is stolen, the risk of identity theft rises. Many states have notification legislation, but, writes Michael Turner of the Information Policy Institute, federal rules are needed to prevent “patchwork responses.”

Turner, in Towards a Rational Personal Data Breach Notification Regime, explains that a legislative solution is necessary because “market forces may undersupply notification,” since companies may not wish to notify consumers of a breach if the cost of doing so exceeds the expected damage to the company. However, if a notification trigger is set too low, consumers may eventually stop paying proper attention to a bombardment of notices.

Turner recommends restricting notices to breaches only of certain types of information (those that could be used to perpetrate a fraud), providing a safe harbor when stolen data are encrypted or otherwise inaccessible, and cherry-picking the best elements of state laws into a federal law.

The paper is at SM Online.

Attachment: databreach_technofile1106.pdf (196.08 KB)
