Over the past five years, 43 US states have adopted data breach notification laws, but have these laws reduced identity theft? Not according to researchers at Carnegie Mellon University who just published an analysis of data supplied by the US Federal Trade Commission (FTC).

“There doesn’t seem to be any evidence that the laws actually reduce identity theft,” said Sasha Romanosky, one of the authors of the analysis. His team looked at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California’s SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen.

It looks like there may be good reasons that explain why breach laws have not cut down on identity theft. Many consumers ignore breach notification letters. And Romanosky believes that security firms are still not doing enough to protect data themselves. “In so many of these cases, the breaches occur because of ridiculous security practices,” he said.

This entry was posted on Thursday, June 12th, 2008 at 3:15 pm and is filed under Data Breach, Federal Legislation, ID Theft Prevention, Identity theft prevention, Sasha Romanosky, carnegie mellon study, customer privacy, data loss, federal trade commission, ftc, identity fraud, identity theft, identity theft complaints, identity theft protection. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.