Thumbnail Image
Item

Amplifying victim vulnerability : Unanticipated harm and consequence in data breach notification policy

Gibson, Dennis
Harfield, Clive
Citations
Google Scholar:
Lookup
Altmetric:
Author
Gibson, Dennis
Harfield, Clive
Abstract
Loss of control over one’s identity through identity usurpation, or identity theft, results in victimization characterized by multiple species of harm: material harms such as financial loss; medical harms such as psychological distress and consequential physiological illness; and moral harms such as infringement of autonomy. Digital data breaches are a common means by which identity can be usurped and laws have been enacted requiring data-holders to notify data subjects when their personal information held on digital databases has been compromised. The intention is that victims should then be able to undertake their own mitigation measures. This paper explores the efficacy of this approach as a solution and argues that this policy – particularly in the light of new digital criminal methodologies – creates a conflict of victims’ interests. It is an unintended outcome of policy that exacerbates, rather than resolves, identity usurpation and associated victimization in the digital environment.
Keywords
data breach notification, digital victimization, harm mitigation, policy, ransomware
Date
2022
Type
Journal article
Journal
International Review of Victimology
Book
Volume
29
Issue
3
Page Range
341-365
Article Number
ACU Department
Thomas More Law School
Faculty of Law and Business
Collections
Thomas More Law School
Show all metadata
URI
https://hdl.handle.net/20.500.14802/6933
Relation URI
DOI
10.1177/02697580221107683
Source URL
https://journals.sagepub.com/doi/10.1177/02697580221107683
Event URL
Open Access Status
License
All rights reserved
File Access
Controlled
Notes