Do data breach notification laws reduce medical identity theft? Evidence from consumer complaints data
Aniket Kesari
Journal of Empirical Legal Studies, 2022, vol. 19, issue 4, 1222-1252
Abstract:
As the number of data breaches in the United States grows each year, cybersecurity has become an increasingly important policy area. The primary mechanism for regulating and deterring data breaches is the “data breach notification law.” Every US state now has such a law that mandates that certain organizations disclose data breaches to their data subjects. Despite the popularity of these laws, there is relatively little evidence about their effectiveness at deterring breaches, and therefore reducing identity theft. Using medical identity theft panel data collected from the Consumer Financial Protection Bureau, this study implements an augmented synthetic control approach to analyze the effect of California's 2016 data breach notification standards on medical identity theft. This approach suggests that medical identity theft reports in California were reduced by 3.5 reports/100,000 people.
Date: 2022
References: View references in EconPapers View complete reference list from CitEc
Citations: Track citations by RSS feed
Downloads: (external link)
https://doi.org/10.1111/jels.12331
Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.
Export reference: BibTeX
RIS (EndNote, ProCite, RefMan)
HTML/Text
Persistent link: https://EconPapers.repec.org/RePEc:wly:empleg:v:19:y:2022:i:4:p:1222-1252
Access Statistics for this article
More articles in Journal of Empirical Legal Studies from John Wiley & Sons
Bibliographic data for series maintained by Wiley Content Delivery ().