Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review
1. Introduction
2. Literature Review
3. Dataset Visualization
3.1. Data Collection Methodology and Considerations
3.2. Records Leaked per Country and Region
3.3. Records Leaked per Sector
4. Study Cases and Possible Mitigation
Adversarial Tactics and Techniques Framework
5. Data Protection Regulation
5.1. Regulatory Measures for Mitigating Data Breaches
5.2. Regulation Levels in the Breached Countries
5.3. Comparison of Regulatory Aspects
5.3.1. Personal Data Definition
5.3.2. Data Protection Authority and Data Protection Officers
5.3.3. Data Breaches Notification
5.3.4. Other Aspects
6. Threats to Validity
7. Conclusions and Future Work
Author Contributions
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
ANPD | National Data Protection Authority |
APP | Australian Privacy Principles |
APPI | Act on the Protection of Personal Information |
CAC | Cyberspace Administration of China |
DPA | Data Privacy Act/Data Protection Authority |
DPDP | Digital Personal Data Protection |
DPO | Data Protection Office |
EDPB | European Data Protection Board |
FADP | Federal Act on Data Protection |
FDPIC | Federal Data Protection and Information Commissioner |
ICO | Information Commissioner’s Office |
IoT | Internet of Things |
GDPR | General Data Protection Regulation |
KVKK | Kişisel Verileri Koruma Kurumu (Personal Data Protection Authority) |
LGPD | General Data Protection Law |
LPPD | Law on Protection of Personal Data |
NPC | National Privacy Commission |
OAIC | Office of the Australian Information Commissioner |
OPC | Office of the Privacy Commissioner |
PA | Privacy Act |
PCPD | Privacy Commissioner for Personal Data |
PDP | Personal Data Protection |
PDPA | Personal Data Protection Act |
PDPC | Personal Data Protection Commission |
PDPL | Personal Data Protection Law |
PDPO | Personal Data Privacy Ordinance |
PIPEDA | Personal Information Protection and Electronic Documents Act |
PIPL | Personal Information Protection Law |
PPA | Privacy Protection Authority |
PPC | Personal Information Protection Commission |
PPL | Protection of Privacy Law |
SIC | Superintendence of Industry and Commerce |
SOF | Superintendence of Finance |
UKGDPR | United Kingdom General Data Protection Regulation |
1 | www.databreachdb.com/ accessed on 26 January 2024 |
2 | www.gov.br/saude/pt-br/acesso-a-informacao/lgpd/registro-de-incidentes-com-dados-pessoais accessed on 26 January 2024 |
3 | www.gov.br/anpd/pt-br/canaisatendimento/agente-de-tratamento/comunicado-de-incidente-de-seguranca-cis accessed on 26 January 2024 |
4 | www.coe.int/en/web/data-protection/ accessed on 26 January 2024 |
Breach Size | |
count | 428 |
mean | 61,673,880 |
std | 400,573,400 |
min | 30,000 |
25% | 74,375 |
50% | 422,548 |
75% | 6,000,000 |
max | 7,400,000,000 |
Years Since Breach | 2023 Average | Low Regulation | High Regulation |
1st | 51% | 64% | 42% |
2nd | 31% | 32% | 37% |
2+ | 18% | 4% | 21% |
Country | Regulation Level | Data Protection Law | Law Approved | Defines Personal Data | DPA | Requires Registration | Requires DPO | Breach Notification |
CH | ++ | FADP | 2020 | ✓ | FDPIC | ✗ | ✗ | ✓ |
EU | ++ | GDPR | 2016 | ✓ | EDPB | ✗ | ✓ | 72 h |
US | ++ | ✗ | − | ✓ | ✗ | ✗ | ✗ | ✓ |
IL | ++ | PPL | 1981 | ✓ | PPA | ✓ | ✓ | immediately |
KY | − | DPA | 2017 | ✓ | Ombudsman | ✗ | ✗ | 5 days |
AU | ++ | PA & APP | 1988 | ✓ | OAIC | ✗ | ✗ | 72 h |
NZ | + | PA | 2020 | ✓ | Privacy Commissioner | ✗ | ✓ | ✓ |
SC | ++ | DPA | 2003 | ✓ | ✗ | ✓ | ✗ | ✗ |
HK | ++ | PDPO | 1995 | ✓ | PCPD | ✗ | ✗ | ✗ |
CN | ++ | PIPL | 2021 | ✓ | CAC | ✗ | ✓ | ✓ |
AE | − | PDPL | 2021 | ✓ | ✗ | ✗ | ✓ | immediately |
EC | − | PDPL | 2021 | ✓ | ✗ | ✓ | ✗ | 5 days |
BR | − | LGPD | 2018 | ✓ | ANPD | ✗ | ✓ | 2 working days |
IN | | DPDP | 2023 | ✓ | ✗ | ✗ | ✓ | ✓ |
CA | ++ | PIPEDA | 2000 | ✓ | OPC | ✗ | ✓ | ✓ |
RU | − | DPA | 2006 | ✓ | Roskomnadzor | ✓ | ✓ | 24 h |
SG | ++ | PDPA | 2012 | ✓ | PDPC | ✗ | ✓ | 3 calendar days |
ID | + | PDP | 2022 | ✓ | PDP Agency | ✗ | ✗ | 72 h |
GB | ++ | UKGDPR | 2018 | ✓ | ICO | ✓ | ✓ | 72 h |
MY | + | PDPA | 2010 | ✓ | PDPC | ✓ | ✗ | ✗ |
IR | −− | ✗ | - | ✗ | ✗ | ✗ | ✗ | ✗ |
CO | − | Law 1581 | 2012 | ✓ | SIC & SOF | ✓ | ✗ | 15 business days |
JP | + | APPI | 2003 | ✓ | PPC | ✗ | ✗ | ✓ |
CL | − | PDPL | 1999 | ✓ | ✗ | ✗ | ✗ | ✗ |
PH | − | DPA | 2012 | ✓ | NPC | ✓ | ✓ | 72 h |
TR | − | LPPD | 2016 | ✓ | KVKK | ✓ | ✗ | 72 h |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Pimenta Rodrigues, G.A.; Marques Serrano, A.L.; Lopes Espiñeira Lemos, A.N.; Canedo, E.D.; Mendonça, F.L.L.d.; de Oliveira Albuquerque, R.; Sandoval Orozco, A.L.; García Villalba, L.J. Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review. Data 2024, 9, 27. https://doi.org/10.3390/data9020027