Acquisti_Do_Data_Breach_Disclosure_Laws_Reduce_Ident_Theft_WP.pdf (413.88 kB)
Download file

Do Data Breach Disclosure Laws Reduce Identity Theft?

Download (413.88 kB)
journal contribution
posted on 31.08.2021, 20:09 by Sasha Romanosky, Rahul TelangRahul Telang, Alessandro AcquistiAlessandro Acquisti
In the United States, identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches. Many states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or stolen. Although the laws are expected to reduce identity theft, their effect has yet to be empirically measured. We use panel data from the U.S. Federal Trade Commission to estimate the impact of data breach disclosure laws on identity theft from 2002 to 2009. We find that adoption of data breach disclosure laws reduce identity theft caused by data breaches, on average, by 6.1 percent. © 2011 by the Association for Public Policy Analysis and Management.


Publisher Statement

This is the peer reviewed version of the following article:Romanosky, S., Telang, R., & Acquisti, A. (2011). Do data breach disclosure laws reduce identity theft? Journal of Policy Analysis and Management, 30(2), 256–286 , which has been published in final form at This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Use of Self-Archived Versions. This article may not be enhanced, enriched or otherwise transformed into a derivative work, without express permission from Wiley or by statutory rights under applicable legislation. Copyright notices must not be removed, obscured or modified. The article must be linked to Wiley’s version of record on Wiley Online Library and any embedding, framing or otherwise making available the article or pages thereof by third parties from platforms, services and websites other than Wiley Online Library must be prohibited