Developing a Global Data Breach Database and the Challenges Encountered

2021 ◽  
Vol 13 (1) ◽  
pp. 1-33
Author(s):  
Nelson Novaes Neto ◽  
Stuart Madnick ◽  
Anchises Moraes G. De Paula ◽  
Natasha Malara Borges

If the mantra “data is the new oil” of our digital economy is correct, then data leak incidents are the critical disasters in the online society. The initial goal of our research was to present a comprehensive database of data breaches of personal information that took place in 2018 and 2019. This information was to be drawn from press reports, industry studies, and reports from regulatory agencies across the world. This article identified the top 430 largest data breach incidents among more than 10,000 data breach incidents. In the process, we encountered many complications, especially regarding the lack of standardization of reporting. This article should be especially interesting to the readers of JDIQ because it describes both the range of data quality and consistency issues found as well as what was learned from the database created. The database that was created, available at https://www.databreachdb.com, shows that the number of data records breached in those top 430 incidents increased from around 4B in 2018 to more than 22B in 2019. This increase occurred despite the strong efforts from regulatory agencies across the world to enforce strict rules on data protection and privacy, such as the General Data Protection Regulation (GDPR) that went into effect in Europe in May 2018. Such regulatory effort could explain the reason why there is such a large number of data breach cases reported in the European Union when compared to the U.S. (more than 10,000 data breaches publicly reported in the U.S. since 2018, while the EU reported more than 160,000 data breaches since May 2018). However, we still face the problem of an excessive number of breach incidents around the world. This research helps to understand the challenges of proper visibility of such incidents on a global scale.
The results of this research can help government entities, regulatory bodies, security and data quality researchers, companies, and managers to improve the data quality of data breach reporting and increase the visibility of the data breach landscape around the world in the future.

Author(s):  
Benjamin Ngugi ◽  
Jafar Mana ◽  
Lydia Segal

As the nation confronts a growing tide of security breaches, the importance of having quality data breach information systems becomes paramount. Yet too little attention is paid to evaluating these systems. This article draws on data quality scholarship to develop a yardstick that assesses the quality of data breach notification systems in the U.S. at both the state and national levels from the perspective of key stakeholders, who include law enforcement agencies, consumers, shareholders, investors, researchers, and businesses that sell security products. Findings reveal major shortcomings that reduce the value of data breach information to these stakeholders. The study concludes with detailed recommendations for reform.


Equilibrium ◽  
2015 ◽  
Vol 10 (3) ◽  
pp. 105 ◽  
Author(s):  
Elżbieta Czarny ◽  
Paweł Folfas

We analyse potential consequences of the forthcoming Trade and Investment Partnership between the European Union and the United States (TTIP) for trade orientation of both partners. We do so along with a short analysis of the characteristics of the third wave of regionalism and the TTIP position in this process, as well as the dominant role of the EU and the U.S. in the world economy, especially in world trade. Next, we study trade orientation of the hypothetical region created as a result of TTIP. We use the regional trade introversion index (RTII) to analyze trade between the EU and the U.S. that has taken place until now to get familiar with the potential changes caused by liberalization of trade between both partners. We analyze RTII for mutual trade of the EU and the U.S. Then, we apply disaggregated data to analyze and compare selected partial RTII (e.g. for trade in final and intermediate goods as well as goods produced in the main sectors of economy like agriculture or manufacturing). The analysis of the TTIP region’s orientation of trade based on the historical data from the period 1999-2012 revealed several conclusions. Nowadays, the trade between the EU and the U.S. is constrained by the protection applied by both partners. Trade liberalization constituting one necessary part of TTIP will surely help to intensify this trade. The factor of special concern is trade of agricultural products which is most constrained and will hardly be fully liberalized even within a framework of TTIP. Simultaneously, both parties are even now trading relatively intensively with intermediaries, which are often less protected than the average of the economy for the sake of development of final goods’ production. The manufactured goods are traded relatively often as well, mainly in consequence of their poor protection after many successful liberalization steps in the framework of GATT/WTO.
Consequently, we point out that in many respects the TTIP will be important not only for its participants, but for the whole world economy as well. TTIP appears to be an economic and political project with serious consequences for the world economy and politics.


2008 ◽  
Vol 1 (1) ◽  
pp. 95-102 ◽  
Author(s):  
F. Wu

The European Union (EU) has some of the strictest standards for mycotoxins in food and feed in the world. This paper explores the economic impacts of these standards on other nations that attempt to export foods that are susceptible to one mycotoxin, aflatoxin, to the EU. The current EU standard for total aflatoxins in food is 4 ng/g in food other than peanuts, and 15 ng/g in peanuts. Under certain conditions, export markets may actually benefit from the strict EU standard. These conditions include a consistently high-quality product, and a global scene that allows market shifts. Even lower-quality export markets can benefit from the strict EU standard, primarily by technology forcing. However, if the above conditions are not met, export markets suffer from the strict EU standard. Two case studies are presented to illustrate these two different scenarios: the U.S. pistachio and almond industries. Importantly, within the EU, food processors may suffer as well from the strict aflatoxin standard. EU policymakers should consider these more nuanced economic impacts when developing mycotoxin standards for food and feed.


2021 ◽  
Author(s):  
Kwabena Boasiako

This thesis is composed of three self-contained empirical essays in corporate finance, with the first two exploring the financial policy and credit risk implications of data breaches, and the third examining whether financing influences the sensitivity of cash and investment to asset tangibility. In the first essay, we contribute to the growing debate on cybersecurity risks and how firms can insulate themselves, at least partially, from the adverse effects of data breach risks. Specifically, we examine the effects of data breach disclosure laws and the subsequent disclosure of data breaches on the cash policies of corporations in the United States (U.S.). Exploiting a series of natural experiments regarding staggered state-level data breach disclosure laws, we find that the passage of mandatory disclosure laws leads to an increase in cash holdings. Our finding suggests that mandatory data breach disclosure laws increase the ex ante risks related to data breaches, hence, firms hold on to more cash as a precautionary motive. Further, we find firms that suffer data breaches adjust their financial policies by holding more cash as well as decreasing external finance and investment.
The second essay examines the impact of data breaches on firm credit risk. Using firm-level credit ratings and credit default swap (CDS) spreads to proxy for credit risk, we find that data breaches lead to increases in firm credit risk. Firms exposed to data breaches are more likely to experience credit rating downgrades and an increase in the CDS spread of traded bonds. Also, firms who suffer data breaches report lower sales and ROA, experience an increase in financial distress, and conditional on a data breach incident, the likelihood of a future data breach increases. Lastly, these effects are magnified for firms with low-interest coverage ratios.
In the third essay, using the financial deregulation of seasoned equity issuance in the U.S. as an exogenous shock to access to equity markets, I investigate the influence of financing on the sensitivity of cash and investment to asset tangibility. I show that financing dampens the sensitivity of cash and investment to asset tangibility and promotes investment and firm growth. This provides evidence that public firms even in well-developed financial markets such as the U.S., benefit from financial deregulation that removes barriers to external equity financing, shedding light on the role of financial markets in fostering growth.


2019 ◽  
Vol 19 (251) ◽  
Author(s):  
Eugenio Cerutti ◽  
Shan Chen ◽  
Pragyan Deb ◽  
Albe Gjonbalaj ◽  
Swarnali Hannan ◽  
...  

The trade discussions between the U.S. and China are on-going. Not much is known about the shape and nature of a potential agreement, but it seems possible that it would include elements of managed trade. This paper attempts to examine the direct, first-round spillover effects for the rest of the world from managed trade using three approaches. The results suggest that, in the absence of a meaningful boost in China’s domestic demand and imports, bilateral purchase commitments are likely to generate substantial trade diversion effects for other countries. For example, the European Union, Japan, and Korea are likely to have significant export diversion in a potential deal that includes substantial purchases of U.S. vehicles, machinery, and electronics by China. At the same time, a deal that puts greater emphasis on commodities would put small commodity exporters at a risk. This points to the advantages of a comprehensive agreement that supports the international system and avoids managed bilateral trade arrangements.


Author(s):  
Roman Z. Rouvinsky

The subject of this article is the problem of correspondence of the practices of digital profiling and social score, which imply collection and analysis of biographical (reputational) information, to the worldwide-accepted standards of protection of personal data and privacy. Analysis is conducted on the legislation of the People's Republic of China – the country that in recent years has implemented the “Social Credit System” in the sphere of public administration. This project consists of management practices, which are viewed through the prism of the legal model of personal data protection formed by the Law in Protection of Personal Information adopted in 2021. The peculiarity of this research is its comparative legal nature: the provisions of China’s legislation are juxtaposed to the provisions of the General Data Protection Regulation adopted in the European Union and Russia’s Federal Law “On Personal Data”. Assessment is given to the European and Russian models of regulation of operations with personal data in the context of possible implementation of digital profiling practices, social score (ranking, grading), and automated law enforcement decision-making. Having determined the gaps in the current Russian and EU legislation on personal data, and indicating the risk caused by the presence of blanket rules, the conclusion is made according to which the modern legislation on personal data can be an obstacle for arbitrary use of such data; however, it cannot stop the implementation of innovative technologies, mechanisms and practices that suggest using registry and biographical information of individuals for the purpose of social control into the public administration.


2019 ◽  
pp. 497-513
Author(s):  
Ivan D. Burke ◽  
Renier P. van Heerden

Data breaches are becoming more common and numerous every day, with huge amounts of data (corporate and personal) leaked more frequently than ever. Corporate responses to data breaches are insufficient, and remediation is commonly minimal. This research proposes that an approach similar to that used for physical (environmental) pollution can be used to map and identify data leaks as cyber pollution. Thus, IT institutions should be made aware of their contribution to cyber pollution in a more measurable way. This article defines the concept of cyber pollution as: security-vulnerable (such as unmaintained or obsolete) devices that are visible through the Internet and corporate networks. This paper analyses the recent state of data breach disclosures worldwide by providing statistics on significant-scale data breach disclosures from 2014/01 to 2016/12. Ivan Burke and Renier van Heerden model security threat levels similar to that of pollution breaches within the physical environment. Insignificant security openings or vulnerabilities can lead to massive exploitation of entire systems. By modelling these breaches as pollution, the aim is to introduce the concept of cyber pollution. Cyber pollution is a more tangible concept for IT managers to relay to staff and senior management. Using anonymised corporate network traffic with Open Source penetration testing software, the model is validated.


2015 ◽  
Vol 22 (2) ◽  
pp. 242-260 ◽  
Author(s):  
Robert E. Holtfreter ◽  
Adrian Harrington

Purpose – The main purpose of this paper is to analyze the trends of various types of data breaches and their compromised records in the USA using a new model recently developed by the authors. Design/methodology/approach – The 2,280 data breaches and over 512 million related compromised records tracked by the Privacy Rights Clearinghouse from 2005 through 2010 were analyzed and classified into four external, five internal and one non-traceable data breach categories, after which trends were determined for each. Findings – The findings indicate that although the trends for the annual number of data breaches and each of the internal and external categories and their related compromised records have increased over the six-year period, the changes have not been consistent from year to year. Practical implications – Classifying data breaches into internal and external categories with the use of this new data breach model provides an excellent methodological framework for organizations to use to develop more workable strategies for safeguarding personal information of consumers, clients, employees and other entities. Originality/value – The topic of data breaches remains salient to profit and nonprofit organizations, researchers, legislators, as well as criminal justice practitioners and consumer advocate groups.


2021 ◽  
pp. 100-144
Author(s):  
W Kuan Hon ◽  
Christopher Millard ◽  
Ian Walden ◽  
Conor Ward

This chapter examines negotiated contracts for cloud services. Given that the use of cloud services has now become widely accepted and in light of the fact that providers' standard contract terms have evolved if not improved, do customers still deem it necessary to seek to negotiate contracts and if so, which issues are typically focused on? Are providers willing to negotiate or have they hardened their attitudes to negotiation? The chapter outlines providers' perspectives on cloud contract terms and customers' perspectives on cloud contracts including the role of integrators. It looks at the factors that customers take into account when considering specific terms, including whether or not to negotiate the terms in question or look at other methods of risk mitigation. The fact that data breach response and liability for data breaches tops the list of most-negotiated terms suggests that cloud providers and customers are still grappling with the General Data Protection Regulation's (GDPR) requirements and trying to come up with terms that will satisfy both customers' and providers' needs.

