Personal data disclosure and data breaches: the customer's viewpoint

Every time the customer (individual or company) has to release personal information to its service provider (e.g., an online store or a cloud computing provider), it faces a trade-off between the benefits gained (enhanced or cheaper services) and the risks it incurs (identity theft and fraudulent uses). The amount of personal information released is the major decision variable in that trade-off problem, and has a proxy in the maximum loss the customer may incur. We find the conditions under which that problem has a unique optimal solution, namely the one that maximizes the customer's surplus. We also show that the optimal amount of personal information is influenced most by the immediate benefits the customer gets, i.e., the price and the quantity of service offered by the service provider, rather than by the maximum loss it may incur. Easy spenders take larger risks than low spenders, but an increase in price drives customers towards a more careful risk-taking attitude anyway. A major role is also played by the privacy level, which the service provider employs to regulate the benefits released to the customers. We also provide a closed-form solution for the limit case of a perfectly secure provider, showing that the results do not differ significantly from those obtained in the general case. The trade-off analysis may be employed by the customer to determine its level of exposure in the relationship with its service provider.
