Data Security, Data Breaches, and Compliance

Abstract

This chapter explores the attributes of compliance in the context of data breaches. First, it identifies the sort of corporate governance problem that data breaches create. Then, it approaches the empirical work related to data breaches and to the organization of compliance-based responses in terms of risk assessment, training and compliance, both preemptively and after a breach. Next, the chapter discusses the extant theoretical and empirical evidence about the short and the long term impact of IT security events on breached firms as well as corporate governance issues relating to data breaches. It also examines studies that evaluate the impact of different types of events on various types of firms and stakeholders. The chapter also explores how data breaches impact broader issues of corporate governance and compliance. In the end, it identifies potential research questions and avenues for future researchers on how firms or governments might have to think about their IT security investments and the necessary measures that have to be in place to respond effectively if such events occur.