Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution?

  title={Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution?},
  author={Fabio Bisogni},
  journal={Journal of Information Policy},
  • F. Bisogni
  • Published 1 June 2016
  • Business
  • Journal of Information Policy
This article investigates the adequateness of data breach notification laws and the possible impact of a federal law in the United States. Based on the analysis of 445 notifications issued in 2014, three observations for law development are presented. First, the question about underreporting is raised and a possible option for facilitating its emergence is proposed. Second, the specification of the dates of the breach detection and of the breach itself are identified as essential to foster… 

Estimating the size of the iceberg from its tip : An investigation into unreported data breach notifications

A decade has passed since the enactment of data breach notification laws (DBNLs) in numerous U.S. states and it is clear that they have offered more visibility into the state of data Breach events in the United States.

Beyond Mandatory: Making Data Breach Notifications Useful for Consumers

Potential reasons for consumers' inaction after a data breach are analyzed, and how data breach notifications and respective requirements should be improved are discussed.

Data Protection in the United States: U.S. National Report

The United States did not elaborate any uniform federal legislation to ensure the privacy and protection of personal data. Instead, data protection in the United States is constructed out of a

You `Might' Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications

This work analyzed data breach notifications sent to consumers with respect to their readability, structure, risk communication, and presentation of potential actions to find that notifications are long and require advanced reading skills.

Data Breach Announcements and Stock Market Reactions: A Matter of Timing?

Although firms’ announcement of data breaches can lead to reputational or operational damages, extant research suggests that stock markets are relatively unresponsive to such announcements. We

Challenges to Cybersecurity: Current State of Affairs

  • Ravi Sen
  • Computer Science
    Commun. Assoc. Inf. Syst.
  • 2018
The technical, economic, legal, and behavioral challenges that continue to obstruct any meaningful effort to achieve reasonable cybersecurity are identified.


A novel multivariate frequency-severity framework to analyze breach frequency and the number of affected individuals at the state level is developed and a D-vine copula is proposed to capture the multivariate dependence among conditional severities given frequencies due to its inherent temporal structure and rich bivariate copula families.

Managing Security Objectives for Effective Organizational Performance Information Security Management

Managing Security Objectives for Effective Organizational Performance Information Security Management by Ramamohan Rao Gutta MBA, Northern Illinois University, 2012 MS, Jawaharlal Nehru Technological

Applicable Micropatches and Where to Find Them: Finding and Applying New Security Hot Fixes to Old Software

The state of patching is assessed by analyzing patches for a four-month period of recent Common Vulnerabilities and Exposures (CVEs), and it is found that between existence, discoverability, and versatility of security patches, existence and discoverability are the bigger problems.

More Than a Suspect: An Investigation into the Connection Between Data Breaches, Identity Theft, and Data Breach Notification Laws

This article investigates the relationship between data breaches and identity theft, including the impact of Data Breach Notification Laws (DBNL) on these incidents (using empirical data and Bayesian modeling), and shows that the correlation is driven by the size of a state.