cylab NEWS
Do Notification Laws Impact Identity Theft? Carnegie Mellon Researcher Says “There Doesn’t Seem to Be Any Evidence …”
Sasha Romanosky is a Carnegie Mellon University PhD student conducting research into the Economics of Information Security for the Heinz College and CyLab. Sasha’s research is highlighted in a recent IDG news service story entitled “Notification Laws Not Lowering ID Theft,” picked up by CSO Magazine and several other prominent publications.
Here is a brief excerpt, with a link to the full text:
“Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the U.S. Federal Trade Commission (FTC).”
"There doesn't seem to be any evidence that the laws actually reduce identity theft," says Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors."
Romanosky's team took a state-by-state look at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California's SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen. Their paper is set to be presented at a conference on Information Security Economics held at Dartmouth College later this month." CSO Magazine, 6-5-08.