Data Breach Disclosure: A Policy Analysis

Page Content

Research Areas: Policy, Law and Management

Principal Investigator: Melissa Dark

As information technology has become more ubiquitous and pervasive, assurance and security concerns have escalated; in response, we have seen noticeable growth in public policy aimed at bolstering cybertrust.  With this growth in public policy, questions regarding the effectiveness of these policies arise.  This work is a policy analysis of the state data breach disclosure laws recently enacted in the United States. The state data breach disclosure laws were chosen for policy analysis for three reasons: the rapid policy growth (the United States have enacted 45 state laws in 6 years); this is the first instantiation of informational regulation for information security; and the importance of these laws to identity theft and privacy. The work begins with a brief history in order to provide context. Then, this work examines the way in which historical, political and institutional factors have shaped our current data breach disclosure policies, focusing on discovering how patterns of interaction influenced the legislative outcomes we see today. Finally, this work considers: action that may result from these policies; the action type(s) being targeted; alternatives that are being considered, and; potential outcomes of the existing and proposed alternative policies.

Keywords: cybertrust, disclosure policies, public policy