"When data breaches happen, where does the buck stop ... and where should it stop?"

Partha Das Chowdhury, Karen Renaud, Awais Rashid

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

Abstract

A digital-first society requires its citizens to carry out essential activities online e.g., applying for a passport, managing pension funds or scheduling medical appointments. Sensitive and personal information is requested and provided in the hope that the confidentiality, integrity and availability thereof will be preserved. In reality, data breaches occur with distressing regularity. When this occurs, ‘second’ victims are created: the customers whose data has been leaked. In many cases, service providers demonstrate very little care or concern for these victims, responsibilizing instead of supporting them. We surveyed 175 respondents, including second victims, non-victims and managers. It becomes clear that a ‘feudal security’ paradigm informs organisations’ responses to data breaches. Indeed, the buck seems to stop with second victims, instead of with the breached service provider. We propose an ‘Ethical Responsibilization’ paradigm which would see second victims treated more equitably and fairly.
Original languageEnglish
Title of host publicationNSPW '24
Subtitle of host publicationProceedings of the 2024 New Security Paradigms Workshop
Place of PublicationNew York, NY
Pages106-125
Number of pages20
DOIs
Publication statusPublished - 16 Jan 2025
EventNew Security Paradigms Workshop - Bedford, United States
Duration: 16 Sept 202419 Sept 2024
https://www.nspw.org/2024

Conference

ConferenceNew Security Paradigms Workshop
Abbreviated titleNSPW
Country/TerritoryUnited States
CityBedford
Period16/09/2419/09/24
Internet address

Funding

This work is supported by REPHRAIN: National Research centre on Privacy, Harm Reduction and Adversarial Influence online (EPSRC Grant: EP/V011189/1).

Keywords

  • data breaches
  • responsibilisation
  • data security

Fingerprint

Dive into the research topics of '"When data breaches happen, where does the buck stop ... and where should it stop?"'. Together they form a unique fingerprint.

Cite this