In the United States, identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches. Many states have responded by adopting “data breach disclosure laws” that require firms to notify...

Privacy and security tools can help users protect themselves online. Unfortunately, people are often unaware of such tools, and have potentially harmful misconceptions about the protections provided by the tools they know about. Effectively encouraging the adoption of privacy tools requires...

Blockchains and the GDPR pursue similar objectives where they seek to grant users greater control over their personal data. While the latter pursues this goal by imposing duties of care to centralised controllers and collectors of data, blockchains go a step beyond by trying to eliminate these...

Economics offer different but complementary approaches to understanding privacy and security. For this inaugural contribution to the new In Our Orbit department, I was asked to explain briefly their methodological differences and similarities, and why they matter in our thinking about security...

Breaches of the security of personal data collected by firms are reported almost daily. Companies are under an increasing political pressure to notify individuals whose privacy as been breached. At the moment, we know virtually nothing about the behavioral impact of data breach notifications. We...

Companies are under an increasing pressure by policy makers to publicize data breaches. Such notification obligations require announcing the loss of personal data collected from customers, because of hacker attacks or other incidents. While notification is likely to impact on firms' reputation,...

When card data is exposed in a data breach but has not yet been used to attempt fraud, the overall social costs of that breach depend on whether the financial institutions that issued those cards immediately cancel them and issue new cards or instead wait until fraud is attempted. This article...