Data Breaches and Identity Theft
William Roberds and Stacey L. Schreft
Working Paper 2008-22
This paper presents a monetary-theoretic model to study the implications of networks' collection of personal identifying data and data security on each other's incidence and costs of identity theft. To facilitate trade, agents join clubs (networks) that compile and secure data. Too much data collection and too little security arise in equilibrium with noncooperative networks compared with the efficient allocation. A number of potential remedies are analyzed: mandated limits on the amount of data collected, mandated security levels, reallocations of data-breach costs, and data sharing through a merger of the networks.
JEL classification: D83, E42, G28
Key words: identity theft, identity fraud, data breach, fraud, money, search
The authors thank participants at the Chicago Fed Workshop on Money, Banking, and Payments for helpful comments. The views expressed here are the authors' and not necessarily those of the Federal Reserve Bank of Atlanta or the Federal Reserve System. Any remaining errors are the authors' responsibility.
Please address questions regarding content to William Roberds, Research Department, Federal Reserve Bank of Atlanta, 1000 Peachtree Street, N.E., Atlanta, GA 30309-4470, 404-498-8970, firstname.lastname@example.org, or Stacey L. Schreft, The Mutual Fund Research Center, 7301 College Blvd., Ste. 220, Overland Park, KS 66210, 913-319-8167, email@example.com.
For further information, contact the Public Affairs Department, Federal Reserve Bank of Atlanta, 1000 Peachtree Street, N.E., Atlanta, Georgia 30309-4470, 404-498-8020.