The Economist reports that according to estimates,
undoing identity fraud can take an average of six months and 100 to 200 hours of a person’s time.
In addition there is the risk of substantial financial losses due to identity fraud.
Suppose a data breach exposes personal information of 1 million people. As a consequence, 0.1% of the affected persons suffer financial costs of $100 each, and all affected persons spend 100 hours to undo the damage. Suppose the average wage of the affected population is $15 per hour. The data breach then costs $100’000 + $1’500’000’000, of which the latter component is a pure social loss.
Why do we move in the direction of more and more centralized data storage? Why do customers accept this? Why do some institutions, including “virtual” companies and specific government authorities do not manage to provide the same security as traditional banks which have been doing relatively well in this respect? Is differential data security priced?