Data Breaches and the Dilemmas in Notifying Customers

F. Bisogni

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

2 Downloads (Pure)


While the discussion about a federal law on data breach notification is ongoing and a rash of large, costly data breaches has galvanized public interest in the issue, this paper investigates on the phenomenon of data breach notification letters. In case of any data breach a company faces a number of dilemmas on how to inform the customers.
The choices that a company makes on the missive content result decisive in having a prompt customers’ reaction against identity theft and eventually in shaping the relations between customers and the organization itself.
Starting from the various regulations in place in US, the analysis has been performed focusing on the content of over 210 letters sent in US in the first semester of 2014. In particular letters are classified based on elements that can be isolated and analysed, e.g. the level of transparency used in communicating the event causing the breach or the time span between data breach identification and its notification to customers. In the end we labeled the data breach notifications according to the message customers might perceive when reading them. As a result six message types have been identified. This investigation contributes to the ongoing debate on the federal law on data breach notifications,
highlighting limitations and effects of the already implemented State laws.
Original languageEnglish
Title of host publication14th Workshop on the Economics of Information Security
Publication statusPublished - 2015
Event14th Workshop on the Economics of Information Security - TU Delft, Delft, Netherlands
Duration: 22 Jun 2015 → …


Conference14th Workshop on the Economics of Information Security
Period22/06/15 → …
Internet address


  • data breaches
  • notification
  • Data breach notification laws

Fingerprint Dive into the research topics of 'Data Breaches and the Dilemmas in Notifying Customers'. Together they form a unique fingerprint.

Cite this