In previous posts (here and here), I suggested that analytical modeling can be useful to better understand data breaches, information disclosure laws and the costs to both companies and individuals because of these laws. I’d like to now expand on those ideas.
To be clear, there are many kinds of models and modeling approaches but what I’m interested in is the economic analysis of tort law. For those not aware, this approach is concerned with the cost of accidents to an injurer and a victim and it analyzes how various policy rules (typically regulation or liability) can minimize the sum of those costs.
The way I’ve come to interpret and apply models (e.g. mathematical equations) is to illustrate how agent’s incentives change under different policy interventions. For example, if companies are forced to notify consumers of a data breach, will they be induced to spend more or less money protecting consumer data? Will individuals take more or less care once notified? Will these actions together increase or decrease overall social costs?