Feariness about Data Loss

In the spirit of Stephen Colbert’s “truthiness,” here’s another useful term for the pop lexicon:

fear i ness (fir’ e-nes) n. The quality of being feared, even though logic and/or evidence indicates there is little to fear.

A prime example of feariness right now is data loss — the loss of control over confidential information that could lead to violation of a person’s privacy, identity theft, and fraud. This feariness has been fanned by the recent thefts of government and corporate computer hardware containing important data files.

Though privacy violations and fraud are worrisome, an article in today’s New York Times explains that much of the alarm over data loss is just feariness:

The veterans’ laptop episode underscores the crucial distinction between data loss and malicious data theft — a distinction that has often been glossed over or ignored in the recent wave of alarming disclosures of data breaches at government agencies, universities, companies and hospitals. In most cases, the consequences — financial and otherwise — of the data losses have been slight.

But while high-profile data breaches are common, there is no evidence of a surge in identity theft or financial fraud as a result. In fact, there is scant evidence that identity theft and financial fraud have increased at all. Even when computer networks are cracked into, and troves of personal information intentionally stolen, fraudsters can typically exploit only a tiny fraction of it.

Readers of Cato’s Regulation Magazine already know this story. In last spring’s issue, Tom Lenard and Paul Rubin describe how the incidence of data theft–inducing fraud is fairly stable, how most of that fraud is the product of the theft of old-fashioned paper statements instead of electronic information, and how the response to data loss (including government-mandated response) is far more costly in aggregate than any resulting fraud.