[Dataloss] Researchers Say Notification Laws Are Not Lowering ID Theft Incidents

lyger lyger at attrition.org
Thu Jun 5 05:25:59 UTC 2008


http://attrition.org/pipermail/dataloss/2008-May/002307.html

http://weis2008.econinfosec.org/papers/Romanosky.pdf


On Thu, 5 Jun 2008, Paul Ferguson wrote:

": " -----BEGIN PGP SIGNED MESSAGE-----
": " Hash: SHA1
": " 
": " If anyone finds a link to the CMU report, please forward it to
": " the list.
": " 
": " Via ComputerWorld.
": " 
": " [snip]
": " 
": " Over the past five years, 43 U.S. states have adopted data breach
": " notification laws, but has all of this legislation actually cut down on
": " identity theft? Not according to researchers at Carnegie Mellon University
": " who have published a state-by-state analysis of data supplied by the U.S.
": " Federal Trade Commission (FTC).
": " 
": " "There doesn't seem to be any evidence that the laws actually reduce
": " identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon
": " who is one of the paper's authors.
": " 
": " Romanosky's team took a state-by-state look at FTC identity theft
": " complaints filed between 2002 and 2006 to see whether there was a
": " noticeable impact on complaints in states that had adopted data breach
": " notification laws such as California's SB 1386, which compels companies and
": " institutions to notify state residents when their personal information has
": " been lost or stolen. Their paper is set to be presented at a conference on
": " Information Security Economics held at Dartmouth College later this month.
": " 
": " [snip]
": " 
": " More:
": " http://www.computerworld.com/action/article.do?command=viewArticleBasic&art
": " icleId=9093659



More information about the Dataloss mailing list