An investigation of the impact of data breach severity on the readability of mandatory data breach notification letters: evidence from U.S. firms

Research output: Contribution to journalArticle

Authors

Colleges, School and Institutes

External organisations

  • University of London
  • University of The West of England (UWE)

Abstract

The aim of this paper is to investigate the impact of data breach severity on the readability of mandatory data breach notification letters. Using a content analysis approach to determine data breach severity attributes (measured by the total number of breached records, type of data accessed, the source of the data breach and how the data was used), in conjunction with readability measures (reading complexity, numerical intensity, length of letter, word size and unique words), 512 data breach incidents from 281 U.S. firms across the 2012 – 2015 period are examined. The results indicate that data breach severity has a positive impact on reading complexity, length of letter, word size and unique words, and a negative impact on numerical terms. Interpreting the results collectively through the lens of impression management, it can be inferred that business managers may be attempting to obfuscate bad news associated with high data breach severity incidents by manipulating syntactical features of the data breach notification letters in a way which makes the message difficult for individuals to comprehend. The paper contributes to the information studies and impression management behavior literatures, by analyzing linguistic cues in notifications following a data breach incident.

Details

Original languageEnglish
Pages (from-to)1277–1289
Number of pages13
JournalJournal of the Association for Information Science and Technology
Volume70
Issue number11
Early online date18 Mar 2019
Publication statusPublished - 6 Oct 2019