A study by researchers from the University of Minnesota and George Mason University has reportedly claimed that US cybersecurity laws on breach notifications have little to no effect on curbing data breach incidents in the country.
The legislation that requires businesses to tell customers if their data has been compromised, known as breach notification laws (BNLs), enacted by governments of all 50 states, has reportedly been discovered by the study as ineffective after comparing data on data breach incidents before and after the enactment of the laws.
The Privacy Rights Clearinghouse (PRC), a group organizing information on corporate data breaches since 2005, reportedly provided the researchers with the data, including details about the number of compromised records, the locations, causes, and the names of the affected firms.
The study also reportedly looked into how BNLs affected the numbers and severity of fraud and identity theft based on alternative data from the FTC's Consumer Sentinel Network Data Book to assess how BNLs affected the number and size of data breaches in various US states between 2005 and 2019.
According to reports, the study provides a solid foundation for the conclusion that BNLs have no significant e impact on data breaches or the subsequent abuse of compromised data.
Furthermore, the study's findings show no longer-term drop in data misuse following breaches. These non-effects are accurately estimated nulls that hold authentic across many organizations, periods, types of data breaches, and BNL types.
Read Also : Sensitive US Military Data Exposed in DOD Email Leak, Affecting More Than 20K Individuals
Breach Notifications vs. Data Breach
As per Techxplore, Bran N Greenwood, one of the researchers who conducted the study, claims the results show how glaringly significant the lack of effect is regarding BNLs and data breach incidents.
The study reportedly points to the lack of public information dissemination and seemingly varied notification criteria as a possible cause of BNL's inefficiency. The researchers then suggested issues might be resolved by a different federal system, enabling a national BNL to accomplish objectives that state BNLs have ostensibly failed to attain.
Growing Cybercrime Vulnerability
The study's results come as various sectors continue to struggle against threat actors and data breaches; according to reports, in 2023, 133 million health records were made public due to data breaches, primarily due to hacking attacks against healthcare providers and their suppliers.
According to an investigation by The HIPAA Journal, there were an average of two health data intrusions or thefts of at least 500 records daily in the US last year.
Healthcare, in particular, is vulnerable to data breaches, with hospitals' growing digital footprint proving to be the cause due to its unexpected repercussions, according to John Riggi, cybersecurity adviser for the American Hospital Association.
This growing digital footprint supposedly gives hackers many chances to breach hospital networks and take crucial systems hostage for significant ransom payments.