This edition of Research Roundup highlights a paper by Amalia R. Miller and Catherine Tucker on the risks of publicized data breaches in the health sector. Miller and Tucker perform one of the first empirical analyses of the medical sector by looking at how hospitals have adopted encryption software over time. They find that “the use of encryption software does not reduce overall instances of publicized data loss. Instead, its installation is associated with an increase in the likelihood of publicized data loss due to fraud or loss of computer equipment.” (p 3) The authors speculate that focusing on encryption software may be to the detriment of implementing effective internal access controls and lead to employee carelessness. In other words, without human-based company processes that complement encryption’s effectiveness, the risks for data losses could increase with the software’s implementation.
(Click through to the full post to see the abstract and link to this paper and 11 others on topics from privacy to copyright policy)