Skip to main content

The Use of Data Protection Regulatory Actions as a Data Source for Privacy Economics

Aaron Ceross and Andrew Simpson

Abstract

It is well understood that security informatics is constrained by the availability of reliable data sources, which limits the development of robust methods for measuring the impact of data breaches. To date, empirical data breach analysis has largely relied upon the use of economic and financial data associated with an organisation as a measure of impact. To provide an alternative, complementary approach, we explore monetary fines resulting from data protection regulatory actions to understand how the data can inform the evaluation of data breaches. The results indicate where context matters and also provide information on the wider challenges faced by organisations managing personal data.

Address
Cham
Book Title
Computer Safety‚ Reliability‚ and Security: SAFECOMP 2017 Workshops‚ ASSURE‚ DECSoS‚ SASSUR‚ TELERISE‚ and TIPS‚ Trento‚ Italy‚ September 12‚ 2017‚ Proceedings
Editor
Tonetta‚ Stefano and Schoitsch‚ Erwin and Bitsch‚ Friedemann
ISBN
978−3−319−66284−8
Pages
350–360
Publisher
Springer International Publishing
Year
2017