WEIS 2009

Data Breaches and Identity Theft


  • This paper studies the implications of payment networks’ collection of personal identifying data and data security on each other’s incidence and costs of identity theft. To facilitate trade, agents join clubs (networks) that compile and secure data. Too much data collection and too little security arise in equilibrium with noncooperative networks compared to the efficient allocation. A number of potential remedies are analyzed: (1) reallocations of data breach costs, (2) mandated security levels, and (3) mandated limits on the amount of data collected.


Return to the previous page.