Breach-notification laws not working?
Robert Lemos, SecurityFocus 2008-06-25

The breach-notification laws passed by many states have failed, so far, to produce a measurable impact on identity theft, according to a group of academic researchers who will present their findings on Thursday at the Workshop on the Economics of Information Security (WEIS).

Missed the point - Breach-notification laws not working? 2008-06-30
Anonymous
The study missed the point. Breach notification laws are not intended to reduce the occurrence of breaches or identity theft; they are intended to ensure that the consumers who are exposed as a result know that they are victims.

Were consumers (and financial services providers) able to take countermeasures to prevent being victims of fraud?

If identity theft occurred but the consequences were mitigated because the victims were aware of the possibility, the laws worked.

Anecdotally, I had my account information exposed in a recent breach, but I was notified in time to replace the cards before fraud occurred. Would that have happened without breach notification laws?

Others exposed in the same breach were able to detect fraudulent activity immediately. Would they have done so without notification? Would the mitigation have been more difficult and costly?

The study did not look at those aspects of it, thus the study is fatally flawed.
