Projects per year
Abstract
While the discussion about a federal law on data breach notification is ongoing and a rash of large, costly data breaches has galvanized public interest in the issue, this paper investigates on the phenomenon of data breach notification letters. In case of any data breach a company faces a number of dilemmas on how to inform the customers.
The choices that a company makes on the missive content result decisive in having a prompt customers’ reaction against identity theft and eventually in shaping the relations between customers and the organization itself.
Starting from the various regulations in place in US, the analysis has been performed focusing on the content of over 210 letters sent in US in the first semester of 2014. In particular letters are classified based on elements that can be isolated and analysed, e.g. the level of transparency used in communicating the event causing the breach or the time span between data breach identification and its notification to customers. In the end we labeled the data breach notifications according to the message customers might perceive when reading them. As a result six message types have been identified. This investigation contributes to the ongoing debate on the federal law on data breach notifications,
highlighting limitations and effects of the already implemented State laws.
The choices that a company makes on the missive content result decisive in having a prompt customers’ reaction against identity theft and eventually in shaping the relations between customers and the organization itself.
Starting from the various regulations in place in US, the analysis has been performed focusing on the content of over 210 letters sent in US in the first semester of 2014. In particular letters are classified based on elements that can be isolated and analysed, e.g. the level of transparency used in communicating the event causing the breach or the time span between data breach identification and its notification to customers. In the end we labeled the data breach notifications according to the message customers might perceive when reading them. As a result six message types have been identified. This investigation contributes to the ongoing debate on the federal law on data breach notifications,
highlighting limitations and effects of the already implemented State laws.
| Original language | English |
|---|---|
| Title of host publication | 14th Workshop on the Economics of Information Security |
| Publication status | Published - 2015 |
| Event | 14th Workshop on the Economics of Information Security - TU Delft, Delft, Netherlands Duration: 22 Jun 2015 → … https://www.econinfosec.org/archive/weis2015/index.html |
Conference
| Conference | 14th Workshop on the Economics of Information Security |
|---|---|
| Country/Territory | Netherlands |
| City | Delft |
| Period | 22/06/15 → … |
| Internet address |
Keywords
- data breaches
- notification
- Data breach notification laws
Fingerprint
Dive into the research topics of 'Data Breaches and the Dilemmas in Notifying Customers'. Together they form a unique fingerprint.Projects
- 1 Active
-
Cybersecurity (TPM)
van Eeten, M. J. G., Hernandez Ganan, C., Gürses, F. S., van Wegberg, R. S., Parkin, S. E., Zhauniarovich, Y., van Engelenburg, S. H., Kadenko, N. I., Labunets, K., Akyazi, U., Bouwman, X. B., Jansen, B. A., Kaur, M., Al Alsadi, A., Lone, Q. B., Turcios Rodriguez, E. R., Vermeer, M., van Harten, V. T. C., Vetrivel, S., Oomens, E. (. C. )., Kustosch, L. F., Bisogni, F., Ciere, M., Fiebig, T., Korczynski, M. T., Moreira Moura, G. C., Noroozian, A., Pieters, W., Tajalizadehkhoob, S., Dacier, B. H. A., San José Sanchez, J., Çetin, F. O. & Zannettou, S.
1/01/10 → …
Project: Research