
The impact of data breaches on corporations and the status of potential regulation and litigation

Abstract

Data breaches can have large effects on organizations as their information systems are compromised. This paper examines data breaches and the impact of data breaches on the stock price of corporations. Furthermore, this paper examines the regulatory framework of data breaches and both legal issues and the impact of cases in this area. The findings are summarized and future research in this area is proposed.

Additional information

Notes on contributors

Tim Klaus

Dr. Tim Klaus is a Professor at Texas A&M University – Corpus Christi. He earned his PhD (Business Administration) from University of South Florida. His primary research interests are Financial Systems, ERP implementations, and Mobile and Web Applications. He has published papers in journals such as Communications of the ACM (CACM), Journal of International Technology (JIT), and European Journal of Information Systems (EJIS).

Brian Elzweig

Brian Elzweig is an Associate Professor of Business Law at the University of West Florida. He holds a JD from California Western School of Law, and an LL.M. in Securities and Financial Regulation from Georgetown University. He is admitted to practice law in the State of Florida.
