Reporting on Data Breaches: US and Great Britain
Is the recent wave of reporting on British data breaches similar to what we’ve been seeing in the US? A couple of things seem true: the US has way more reported breaches per capita, but both locations have seen greatly accelerated reporting.
Here’s a plot of all US (Country = ‘US’) and British (Country = ‘GB’) breaches in Attrition’s DLDOS, as of March 13, 2008.
The incident count has been normalized by dividing each series by the total number of incidents in that series. The US had 840 reported incidents, Great Britain had 33.
What does this mean? I’m not sure…
Update: Added vertical lines to graphic, in response to Lyger’s comment. Left one is Choicepoint 2/15/05. Right is HMRC 11/20/2007.
I think it means breach disclosure is way up. What happens if you don’t normalize?
We’ve seen more reports from the UK in the last few months, especially since the HMRC disclosure of 25 million in November 2007. Perhaps the HMRC event was the UK equivalent of the February 2005 Choicepoint event that “broke open the dam”, so to speak, like some of the latest fashion statements seem to start on the US coasts and find their way to the Midwest many months later (perhaps a bad analogy, best one I can think of at the moment)…
ChoicePoint clearly set things rolling here, but HMRC is well along. From the graph, if there was a catalyst in the UK, it was in late 2005 or early 2006. Perplexing…just like fashion trends!
Could you add indicators of when CPS and HMRC happened?