Personal data disclosure and data breaches: the customer's viewpoint

Abstract: Every time the customer (individual or company) has to release personal information to its service provider (e.g., an online store or a cloud computing provider), it faces a trade-off between the benefits gained (enhanced or cheaper services) and the risks it incurs (identity theft and fraudulent uses). The amount of personal information released is the major decision variable in that trade-off problem, and has a proxy in the maximum loss the customer may incur. We find the conditions for a unique optimal solution to exist for that problem as that maximizing the customer's surplus. We also show that the optimal amount of personal information is influenced most by the immediate benefits the customer gets, i.e., the price and the quantity of service offered by the service provider, rather than by maximum loss it may incur. Easy spenders take larger risks with respect to low-spenders, but an increase in price drives customers towards a more careful risk-taking attitude anyway. A major role is also played by the privacy level, which the service provider employs to regulate the benefits released to the customers. We also provide a closed form solution for the limit case of a perfectly secure provider, showing that the results do not differ significantly from those obtained in the general case. The trade-off analysis may be employed by the customer to determine its level of exposure in the relationship with its service provider.