The Effect of State Data Breach Notification Laws on Medical Identity Theft
25 Pages Posted: 14 Nov 2020
Date Written: May 21, 2020
As the number of data breaches in the United States grows each year, cyber-security has become an increasingly important policy area. The primary mechanism for regulating and deterring data breaches is the "data breach notification law." Every U.S. state now has such a law that mandates that certain organizations disclose data breaches to their data subjects. Despite the popularity of these laws, there is relatively little evidence about their effectiveness at deterring breaches, and therefore reducing identity theft. Using medical identity theft panel data collected from the Consumer Financial Protection Bureau (CFPB), this study implements an augmented synthetic control approach to analyze the effect of certain data breach notification standards on medical identity theft.
Suggested Citation: Suggested Citation