Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review
Author:
Pimenta Rodrigues Gabriel Arquelau (1), Marques Serrano André Luiz (1), Lopes Espiñeira Lemos Amanda Nunes (2, 3), Canedo Edna Dias (1), Mendonça Fábio Lúcio Lopes de (1), de Oliveira Albuquerque Robson (1, 4), Sandoval Orozco Ana Lucila (1, 4), García Villalba Luis Javier (4)
Affiliation:
1. Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Brasília (UnB), Brasília 70910-900, Brazil
2. Graduate Program in Law (PPGD), Law School, University of Brasilia (UnB), Brasília 70910-900, Brazil
3. School of Law, University of Minho (EDUM), Campus de Gualtar, 4710-057 Braga, Portugal
4. Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain
Abstract
Data breaches result in data loss, including personal, health, and financial information that is crucial, sensitive, and private. A breach is a security incident in which personal and sensitive data are exposed to unauthorized individuals, with the potential to raise several privacy concerns. As an example, the French newspaper Le Figaro exposed approximately 7.4 billion records that included full names, passwords, and e-mail and physical addresses. To reduce the likelihood and impact of such breaches, it is fundamental to strengthen the security efforts against this type of incident and, for that, it is first necessary to identify patterns in their occurrence, primarily related to the number of data records leaked, the affected geographical region, and the regulatory aspects. To advance the discussion in this regard, we study a dataset comprising 428 worldwide data breaches between 2018 and 2019, providing a visualization of the related statistics, such as the most affected countries, the predominant economic sector targeted in different countries, and the median number of records leaked per incident in different countries, regions, and sectors. We then discuss the data protection regulation in effect in each country included in the dataset, correlating key elements of the legislation with the statistical findings. As a result, we have identified an extensive disclosure of medical records in India and government data in Brazil in the time range. Based on the analysis and visualization, we find some interesting insights that researchers have seldom focused on before, and it is apparent that the real dangers of data leaks are beyond the ordinary imagination. Finally, this paper contributes to the discussion regarding data protection laws and compliance regarding data breaches, supporting, for example, the decision process of data storage location in the cloud.
Funder
European Commission
Subject
Information Systems and Management, Computer Science Applications, Information Systems