recent news

NSF Awards CyLab’s Norman Sadeh and Columbia’s Bellovin $1.2M to Research for New Family of User-Controllable Policy Learning Technologies

New Web-Based Security Test Suite from CyLab’s Collin Jackson, with Google & UC Berkeley

Sixth Annual CyLab Corporate Partners Conference Highlights Vital Research and Urgent Issues

CyLab Technical Director Adrian Perrig Wins Prestigious “Security 7” Award From Information Security Magazine

CyLab Founder Pradeep K. Khosla To Receive Prestigious Academic Excellence Award at 2009 Pan IIT Conference

[see all cylab news]

dividing line

recent CyLab Chronicles

Q&A with Collin Jackson

Q&A with Patrick Tague

Q&A with Jonathan McCune

Q&A with Dena Haritos Tsamitis

Q&A with Anupam Datta

[see all cylab chronicles]

 

cylab NEWS

Do Notification Laws Impact Identity Theft? Carnegie Mellon Researcher Says “There Doesn’t Seem to Be Any Evidence …”

Sasha Romanosky is a Carnegie Mellon University PhD student conducting research into the Economics of Information Security for the Heinz College and CyLab. Sasha’s research is highlighted in a recent IDG news service story entitled “Notification Laws Not Lowering ID Theft,” picked up by CSO Magazine and several other prominent publications.

Here is a brief excerpt, with a link to the full text:

“Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the U.S. Federal Trade Commission (FTC).”

"There doesn't seem to be any evidence that the laws actually reduce identity theft," says Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors."

Romanosky's team took a state-by-state look at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California's SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen. Their paper is set to be presented at a conference on Information Security Economics held at Dartmouth College later this month." CSO Magazine, 6-5-08.