Anonymous Disclosure of Security Breaches, in Securing Privacy in the Internet Age
Author(s): Paul M. Schwartz
Abstract: Reputational sanctions are often offered as a substitute for law. Robert Ellickson has shown how social norms and gossip allow Shasta County ranchers to order theirs affairs and resolve disputes without resort to, or regard for, legal sanctions. In business regulation, particularly in the post-Sarbanes-Oxley world, disclosure is king. On eBay, feedback fora allow participants to choose trading partners based on the number of positive and negative experiences others have had with the proposed counterparty. The emerging regime for regulating data security is no exception, with recent state statutes and federal regulations mandating customer notice of security breaches involving personally identifiable data. In all of these contexts, information about reputation benefits the public.
Keywords: internet privacy, personal data, cyberspace, privacy marketLink: http://www.paulschwartz.net/breach_notification/01.html