Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution?

  • Fabio Bisogni
  • Published 1 June 2016
  • Business
  • Journal of Information Policy
This article investigates the adequateness of data breach notification laws and the possible impact of a federal law in the United States. Based on the analysis of 445 notifications issued in 2014, three observations for law development are presented. First, the question about underreporting is raised and a possible option for facilitating its emergence is proposed. Second, the specification of the dates of the breach detection and of the breach itself is identified as essential to foster…
Estimating the size of the iceberg from its tip: An investigation into unreported data breach notifications
A decade has passed since the enactment of data breach notification laws (DBNLs) in numerous U.S. states and it is clear that they have offered more visibility into the state of data breach events in the United States.
Beyond Mandatory: Making Data Breach Notifications Useful for Consumers
Potential reasons for consumers' inaction after a data breach are analyzed, and how data breach notifications and respective requirements should be improved are discussed.
More Than a Suspect: An Investigation into the Connection Between Data Breaches, Identity Theft, and Data Breach Notification Laws
This article investigates the relationship between data breaches and identity theft, including the impact of Data Breach Notification Laws (DBNL) on these incidents (using empirical data and Bayesian modeling), and shows that the correlation is driven by the size of a state.
Data Protection in the United States: U.S. National Report
The United States did not elaborate any uniform federal legislation to ensure the privacy and protection of personal data. Instead, data protection in the United States is constructed out of a
You 'Might' Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications
This work analyzed data breach notifications sent to consumers with respect to their readability, structure, risk communication, and presentation of potential actions to find that notifications are long and require advanced reading skills.
Data Breach Announcements and Stock Market Reactions: A Matter of Timing?
Although firms’ announcement of data breaches can lead to reputational or operational damages, extant research suggests that stock markets are relatively unresponsive to such announcements. We
Strategic Aspects of Cyber Risk Information Sharing
It is revealed that many theoretical works assume cyber risk information sharing to be beneficial, while empirical validations are often missing, and this provides a consolidated understanding of defenders’ strategies to privately or publicly share information.
Managing Security Objectives for Effective Organizational Performance Information Security Management
Managing Security Objectives for Effective Organizational Performance Information Security Management by Ramamohan Rao Gutta MBA, Northern Illinois University, 2012 MS, Jawaharlal Nehru Technological
"Now I'm a bit angry:" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them
The need for user-friendly tools to improve consumers’ resilience against breaches and accountability for breached organizations to provide more proactive post-breach communications and mitigations is underlined.
Applicable Micropatches and Where to Find Them: Finding and Applying New Security Hot Fixes to Old Software
The state of patching is assessed by analyzing patches for a four-month period of recent Common Vulnerabilities and Exposures (CVEs), and it is found that between existence, discoverability, and versatility of security patches, existence and discoverability are the bigger problems.