Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution?

Bisogni, F.

doi:10.5325/jinfopoli.6.2016.0154

Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution?

Journal article (2016)

Authors

F. Bisogni Organisation & Governance -

Research Group

Organisation & Governance () (TU Delft)

DOI: https://doi.org/10.5325/jinfopoli.6.2016.0154

Identity theft Data breaches Data breach notification laws Notification

To reference this document use:

http://resolver.tudelft.nl/uuid:188e1f12-72ec-417d-8267-5a4c7be34e45

More Info

expand_more

Published Date

2016

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Technology, Policy and Management

Department

Multi Actor Systems

Research Group

Organisation & Governance

Abstract

This article investigates the adequateness of data breach notification laws and the possible impact of a federal law in the United States. Based on the analysis of 445 notifications issued in 2014, three observations for law development are presented. First, the question about underreporting is raised and a possible option for facilitating its emergence is proposed. Second, the specification of the dates of the breach detection and of the breach itself are identified as essential to foster consumers’ reaction. Finally, a stricter regulation of the content of the notification is suggested to avoid firms minimizing the actual risk.

Files

Jinfopoli.6.2016.0154.pdf

(pdf | 2.74 Mb)

Unknown license