RAND Corporation Issues Report Regarding “Consumer Attitudes Toward Data Breach Notifications And Loss of Personal Information”

King & Spalding

On April 14, 2016, the RAND Corporation (“RAND”) released the results of a “first-of-its-kind consumer survey” by the RAND Institute for Civil Justice (“ICJ”) (the “Report”), which was “designed to provide useful information to companies, policymakers, and the public about the consumer’s experience of data loss.”

The results were based on communications with 2,038 adults between May 14 and June 1, 2015, in the following areas:

  • How frequently do consumers receive breach notifications and what type of data are typically lost or stolen?
  • What is the typical response toward the notification, the company, and the company’s follow-on actions after a breach?
  • What are the perceived personal costs resulting from a breach?
  • How satisfied are consumers with breach notifications?
  • What actions, if any, do consumers take following a breach notification?
  • What is the average rate of customer attrition following a breach notification?

Researchers gleaned the following:

  • 26 percent of respondents, or an estimated 64 million adults in the United States, recalled receiving a breach notification in the 12-month period before the survey.
  • Of those who received a notification in their lifetime, 44 percent were already aware of the breach.
  • 62 percent of respondents accepted offers of free credit monitoring.
  • Only 11 percent of respondents stopped dealing with the company following a breach.
  • Of those who estimated a dollar-equivalent cost of the breach and any inconvenience it caused, the median cost was $500.
  • 77 percent of respondents were highly satisfied with the company’s post-breach response.  
  • Respondents recommended several steps companies could take to better protect their data, including offering free credit monitoring or similar assistance to ensure that compromised data would not be used improperly and providing consumers immediate notification of a breach. 

It is well known that corporations, nonprofit organizations, government agencies and individuals regularly face cyber security breaches of sensitive information. Moreover, “[a]s of March 2016, 47 states and the District of Columbia have adopted laws that require companies to notify individuals in the event that their personal information is lost or stolen.”

Navigating these disparate laws and consumer perceptions of cyber security issues is an increasingly complicated matter for everyone engaging in internet-based activities.

The Report and related information may be accessed here

Reporter, Claudia A. Hrvatin, Washington, DC, +1 202 661 7950, chrvatin@kslaw.com.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising
