Release date: Aug. 10, 2005
Contact: Elaine Justice at 404-727-0643 or elaine.justice@emory.edu

Notification of Security Breaches Doesn't Benefit Consumers, Says Emory's Rubin

In the wake of a series of high-profile data security breaches, Congress and the states are moving to enact new legislation, including requirements to notify consumers when a security breach occurs. Emory economist Paul Rubin is co-author of a new study concluding that the true cost of mandatory notifications outweighs any perceived benefits to consumers.

Also, say Rubin and co-author Thomas Lenard, the data do not show that identity theft has been increasing over time. Even for consumers whose data has been compromised, the probability of being a victim is so low—only 2 percent—that little action is justified.

"The major regulatory costs to be concerned about are not the direct costs of notification," say the authors. "Rather they are the costs incurred when consumers and firms overreact and take actions that are harmful to themselves and to the free flow of information."

Reach Rubin at 404-727-6365 or prubin@emory.edu.

For the complete study, go to: http://www.pff.org/issues-pubs/pops/pop12.12datasecurity.pdf.

Emory University is known for its demanding academics, outstanding undergraduate college of arts and sciences, highly ranked professional schools and state-of-the-art research facilities. For nearly two decades Emory has been named one of the country's top 25 national universities by U.S. News & World Report. In addition to its nine schools, the university encompasses The Carter Center, Yerkes National Primate Research Center and Emory Healthcare, the state's largest and most comprehensive health care system.

Subscribe to News@Emory RSS feeds for automatic updates of the latest news at Emory.

Back