Amplifying victim vulnerability: Unanticipated harm and consequence in data breach notification policy

Loss of control over one’s identity through identity usurpation, or identity theft, results in victimization characterized by multiple species of harm: material harms such as financial loss; medical harms such as psychological distress and consequential physiological illness; and moral harms such as...

Full description

Saved in:
Bibliographic Details
Published in:International review of victimology 2023-09, Vol.29 (3), p.341-365
Main Authors: Gibson, Dennis, Harfield, Clive
Format: Article
Language:English
Subjects:
Autonomy
Breaches
Efficacy
Financial loss
Identity
Identity theft
Infringement
Loss of control
Mitigation
Notification
Personal information
Privacy
Psychological distress
Victimization
Victims
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Loss of control over one’s identity through identity usurpation, or identity theft, results in victimization characterized by multiple species of harm: material harms such as financial loss; medical harms such as psychological distress and consequential physiological illness; and moral harms such as infringement of autonomy. Digital data breaches are a common means by which identity can be usurped and laws have been enacted requiring data-holders to notify data subjects when their personal information held on digital databases has been compromised. The intention is that victims should then be able to undertake their own mitigation measures. This paper explores the efficacy of this approach as a solution and argues that this policy – particularly in the light of new digital criminal methodologies – creates a conflict of victims’ interests. It is an unintended outcome of policy that exacerbates, rather than resolves, identity usurpation and associated victimization in the digital environment.
ISSN:0269-7580
2047-9433
DOI:10.1177/02697580221107683