论文信息 - The Use of Data Protection Regulatory Actions as a Data Source for Privacy Economics

The Use of Data Protection Regulatory Actions as a Data Source for Privacy Economics

It is well understood that security informatics is constrained by the availability of reliable data sources, which limits the development of robust methods for measuring the impact of data breaches. To date, empirical data breach analysis has largely relied upon the use of economic and financial data associated with an organisation as a measure of impact. To provide an alternative, complementary approach, we explore monetary fines resulting from data protection regulatory actions to understand how the data can inform the evaluation of data breaches. The results indicate where context matters and also provide information on the wider challenges faced by organisations managing personal data.

Andrew C. Simpson | Aaron Ceross | A. Simpson | Aaron Ceross

[1] Vilhelm Verendel,et al. Quantified security is a weak hypothesis: a critical survey of results and assumptions , 2009, NSPW '09.

[2] Lei Zhou,et al. The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market , 2003, J. Comput. Secur..

[3] William M. Shyu,et al. Local Regression Models , 2017 .

[4] M. Eric Johnson,et al. Usability Failures and Healthcare Data Hemorrhages , 2011, IEEE Security & Privacy.

[5] Clifton Phua,et al. Protecting organisations from personal data breaches , 2009 .

[6] Huseyin Cavusoglu,et al. The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers , 2004, Int. J. Electron. Commer..

[7] Lara Khansa,et al. How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management , 2009, Computers & security.

[8] Rabih Bashroush,et al. The impact of repeated data breach events on organisations' market value , 2016, Inf. Comput. Secur..

[9] Alessandro Acquisti,et al. Is There a Cost to Privacy Breaches? An Event Study , 2006, WEIS.

[10] Benjamin Edwards,et al. Hype and Heavy Tails: A Closer Look at Data Breaches , 2016, WEIS.

[11] Andrew C. Simpson,et al. Policy, Statistics, and Questions: Reflections on UK Cyber Security Disclosures , 2016, WEIS.