Do data breach disclosure laws reduce identity theft?
Article first published online: 9 MAR 2011
© 2011 by the Association for Public Policy Analysis and Management
Journal of Policy Analysis and Management
Volume 30, Issue 2, pages 256–286, Spring 2011
How to Cite
Romanosky, S., Telang, R. and Acquisti, A. (2011), Do data breach disclosure laws reduce identity theft?. J. Pol. Anal. Manage., 30: 256–286. doi: 10.1002/pam.20567
- Issue published online: 9 MAR 2011
- Article first published online: 9 MAR 2011
In the United States, identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches. Many states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or stolen. Although the laws are expected to reduce identity theft, their effect has yet to be empirically measured. We use panel data from the U.S. Federal Trade Commission to estimate the impact of data breach disclosure laws on identity theft from 2002 to 2009. We find that adoption of data breach disclosure laws reduce identity theft caused by data breaches, on average, by 6.1 percent. © 2011 by the Association for Public Policy Analysis and Management.