A study published this week by Carnegie Mellon researchers concludes that data breach notification laws that have been enacted in 43 US states do not seem to be causing a decrease in the rate of identity theft.
An article published in Infoworld reports that:
“‘There doesn’t seem to be any evidence that the laws actually reduce identity theft,’ said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper’s authors. Romanosky’s team took a state-by-state look at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California’s SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen.”
The authors call for the federal government to pass a uniform breach notification law in order to eliminate conflicts that exist between state laws and to ensure an appropriate standard for effectively notifying individuals whose personal information has been compromised.
As noted by InfoWorld, however, as to what other factors may be contributing to the lack of reduction in the incidence of identity theft — “the fraudsters are also getting better at what they do”.