Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

Skip to comments.

Data Breaches and Perceived Liability
APRPEH ^ | 3 Sivan 5768/06 June 2008 | APRPEH

Posted on 06/07/2008 9:17:12 PM PDT by APRPEH

Researchers Say Notification Laws Not Lowering ID Theft

Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the U.S. Federal Trade Commission (FTC).

"There doesn't seem to be any evidence that the laws actually reduce identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors.

Romanosky's team took a state-by-state look at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California's SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen. Their paper is set to be presented at a conference on Information Security Economics held at Dartmouth College later this month.

Since 1999 the FTC has invited identity theft victims to log information about their cases on its Web site. The data are then made accessible to law enforcement, which uses the information to help analyze crime trends. A lot of people complain, but it represents only a subsection of all identity theft cases. In 2006, for example, the FTC logged 246,035 identity theft complaints, while a Javelin Strategy survey estimated that there were 8.9 million ID theft victims that year. more

(Excerpt) Read more at ...

TOPICS: Business/Economy; Government; Miscellaneous; Reference
KEYWORDS: databreach; identitytheft; idtheft; liability; notification; privacy
It has long been known that it is hard to link actual events of identity theft with known occasions of data breaches. With notable exceptions matching up actual victims to actual data breaches just doesn't happen often. What consumers who read this should as a precursor understand, is that there are different types of data breaches. These are distinguished by the nature of the data breach. Since methodology of theft of data is only marginally accounted for in notification laws and in data breach publicity, the study referred to above may be skewed based upon this factor. more
1 posted on 06/07/2008 9:17:13 PM PDT by APRPEH
[ Post Reply | Private Reply | View Replies]

There's more data than there used to be,

there's more demand to steal that data,

there's less sophisticated protectors than there used to be.

All of this is a prescription for results that look worse than they really are, in terms of an overall situation.

2 posted on 06/07/2008 9:33:18 PM PDT by Bernard (If you always tell the truth, you never have to remember exactly what you said.)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794 is powered by software copyright 2000-2008 John Robinson