Abstract
A digital-first society requires its citizens to carry out essential activities online, e.g., applying for a passport, managing pension funds or scheduling medical appointments. Sensitive and personal information is requested and provided in the hope that the confidentiality, integrity and availability thereof will be preserved. In reality, data breaches occur with distressing regularity. When this occurs, ‘second’ victims are created: the customers whose data has been leaked. In many cases, service providers demonstrate very little care or concern for these victims, responsibilizing instead of supporting them. We surveyed 175 respondents, including second victims, non-victims and managers. It becomes clear that a ‘feudal security’ paradigm informs organisations’ responses to data breaches. Indeed, the buck seems to stop with second victims, instead of with the breached service provider. We propose an ‘Ethical Responsibilization’ paradigm which would see second victims treated more equitably and fairly.
Original language | English |
---|---|
Title of host publication | NSPW '24 |
Subtitle of host publication | Proceedings of the 2024 New Security Paradigms Workshop |
Place of Publication | New York, NY |
Pages | 106-125 |
Number of pages | 20 |
Publication status | Published - 16 Jan 2025 |
Event | New Security Paradigms Workshop - Bedford, United States. Duration: 16 Sept 2024 → 19 Sept 2024. https://www.nspw.org/2024 |
Conference
Conference | New Security Paradigms Workshop |
---|---|
Abbreviated title | NSPW |
Country/Territory | United States |
City | Bedford |
Period | 16/09/24 → 19/09/24 |
Funding
This work is supported by REPHRAIN: National Research centre on Privacy, Harm Reduction and Adversarial Influence online (EPSRC Grant: EP/V011189/1).
Keywords
- data breaches
- responsibilisation
- data security