Acquisti_Empirical_Analysis_Data_Breach_Litigation_WP.pdf (254.5 kB)
Download file

Empirical Analysis of Data Breach Litigation

Download (254.5 kB)
journal contribution
posted on 19.08.2021, 20:16 by Sasha Romanosky, David Hoffman, Alessandro AcquistiAlessandro Acquisti
Legal privacy scholarship has typically emphasized the various ways in which plaintiffs fail when bringing legal actions against entities when their personal information is lost or stolen. However, this scholarship is based on a limited set of published judicial opinions about large-scale data breaches. Little is actually known about the characteristics and disposition of a representative set of data breach lawsuits. Using a unique sample of manually-collected data from PACER, we analyze the court dockets of over 200 federal data breach lawsuits from 1998 to 2011. We use discrete outcome regressions to better understand which breaches are being litigated and which lawsuits are being settled. Our results generally (though not strictly) support theoretical notions of litigation. We find that while breach characteristics (size, cause and types of information compromised) are positively correlated with probability of filing a lawsuit, they contribute less when predicting the outcome of the suit. Instead, the probability of settlement is mostly driven by typical legal procedural matters such as actual harm and class certification. © (2011) by the AIS/ICIS Administrative Office, All rights reserved.


Publisher Statement

This is the peer reviewed version of the following article: Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of Data Breach Litigation. Journal of Empirical Legal Studies, 11(1), 74–104, which has been published in final form at This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Use of Self-Archived Versions. This article may not be enhanced, enriched or otherwise transformed into a derivative work, without express permission from Wiley or by statutory rights under applicable legislation. Copyright notices must not be removed, obscured or modified. The article must be linked to Wiley’s version of record on Wiley Online Library and any embedding, framing or otherwise making available the article or pages thereof by third parties from platforms, services and websites other than Wiley Online Library must be prohibited



Usage metrics

Read the peer-reviewed publication