Researcher: Rahul Telang
Research Area: Privacy Protection
We intend to research the effects of security and privacy regulations on market outcomes. In recent years, the US federal government as well as many state governments have passed laws that hold firms responsible for security lapses that lead to breach of customer data, or cause damages to third parties. The purpose of these regulations is to force the firms to invest in better security and privacy practices and reduce the losses from malicious information intrusions.
However, many argue that regulations stifle innovation, increase the cost of business and reduce a firm's competitiveness. Alternative "light-handed"
mechanisms such as standards compliance or self-regulation have, therefore, been proposed. Some examples of these regulations include: US data breach disclosure laws, Payment Card Industry Data Security Standard, and Sarbanes-Oxley.
Moreover, regulations are often passed without any empirical verification of their effects. The goal of this proposal is to provide rigorous empirical analysis of some of these regulations to assess their effectiveness.