Abstract
Legal privacy scholarship typically emphasizes the various ways that plaintiffs fail when bringing legal actions against entities when their personal information is lost or stolen. However past scholarship considers only a limited sample of published judicial opinions from large data breaches. And so, little is actually known about the characteristics and outcomes of a representative set of data breach lawsuits. In this manuscript, we manually collect data from Westlaw and PACER and analyze court dockets of over 200 federal data breach lawsuits from 1998 to 2010, making this, to our knowledge, the first empirical examination of data breach litigation. We explore two main research questions. First, what characteristics of a data breach drive litigation, and why? Second, what characteristics of the breach and the lawsuit drive settlement, and why?
Recommended Citation
Romanosky, Sasha; Hoffman, David; and Acquisti, Alessandro, "Empirical Analysis of Data Breach Litigation" (2011). ICIS 2011 Proceedings. 10.
https://aisel.aisnet.org/icis2011/proceedings/ISsecurity/10
Empirical Analysis of Data Breach Litigation
Legal privacy scholarship typically emphasizes the various ways that plaintiffs fail when bringing legal actions against entities when their personal information is lost or stolen. However past scholarship considers only a limited sample of published judicial opinions from large data breaches. And so, little is actually known about the characteristics and outcomes of a representative set of data breach lawsuits. In this manuscript, we manually collect data from Westlaw and PACER and analyze court dockets of over 200 federal data breach lawsuits from 1998 to 2010, making this, to our knowledge, the first empirical examination of data breach litigation. We explore two main research questions. First, what characteristics of a data breach drive litigation, and why? Second, what characteristics of the breach and the lawsuit drive settlement, and why?