Cloud computing data breaches: A review of U.S. regulation and data breach notification literature

David Kolevski; Katina Michael; Roba Abbas; Mark Freeman

doi:10.1109/ISTAS52410.2021.9629173

Cloud computing data breaches: A review of U.S. regulation and data breach notification literature

David Kolevski, Katina Michael, Roba Abbas, Mark Freeman

Future of Innovation in Society, School for the (SFIS)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Cloud computing services have enjoyed explosive growth over the last decade. Users are typically businesses and government agencies who are able to scale their storage and processing requirements, and choose from pre-defined services (e.g. specific software-as-a-service applications). But with this outsourcing has also come the potential for data breaches targeted at the end-user, typically consumers (e.g. who purchase goods at an online retail store), and citizens (e.g. who transact information for their social security needs). This paper briefly introduces U.S.-based cloud computing regulation, including the U.S. Health Insurance Portability and Accountability Act (HIPPA), the Gramm Leach Bliley Act (GLBA), and the U.S. Stored Communications Act (SCA). We present how data breach notification (DBN) works in the U.S. by examining three mini-case examples: The 2011 Sony PlayStation Network data breach, the 2015 Anthem Healthcare data breach, and the 2017 Equifax data breach. The findings of the paper show that there is a systemic failure to learn from past data breaches, and that data breaches not only affect business and government clients of cloud computing services but their respective end-user customer base. Finally, the level of sensitivity of data breaches is increasing, from cloud computing hacks on video game platforms, to the targeting of more lucrative network and computer crime abuses aiming at invasive private health and financial data.

Original language	English (US)
Title of host publication	Proceedings - 2021 IEEE International Symposium on Society and Technology
Subtitle of host publication	Technological Stewardship and Responsible Innovation, ISTAS 2021
Editors	Brandiff Caron, Ketra A. Schmitt, Zach Pearl, Rozita Dara, Heather A. Love
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781665435802
DOIs	https://doi.org/10.1109/ISTAS52410.2021.9629173
State	Published - 2021
Event	2021 IEEE International Symposium on Society and Technology, ISTAS 2021 - Virtual, Waterloo, Canada Duration: Oct 28 2021 → Oct 31 2021

Publication series

Name	International Symposium on Technology and Society, Proceedings
Volume	2021-October

Conference

Conference	2021 IEEE International Symposium on Society and Technology, ISTAS 2021
Country/Territory	Canada
City	Virtual, Waterloo
Period	10/28/21 → 10/31/21

Keywords

Anthem Healthcare
cloud computing
consumers
data breach
data breach notification
Equifax
financial records
health records
regulation
sensitive data
Sony PSN
USA

ASJC Scopus subject areas

General Engineering
General Social Sciences

Access to Document

10.1109/ISTAS52410.2021.9629173

Cite this

Kolevski, D., Michael, K., Abbas, R., & Freeman, M. (2021). Cloud computing data breaches: A review of U.S. regulation and data breach notification literature. In B. Caron, K. A. Schmitt, Z. Pearl, R. Dara, & H. A. Love (Eds.), Proceedings - 2021 IEEE International Symposium on Society and Technology: Technological Stewardship and Responsible Innovation, ISTAS 2021 (International Symposium on Technology and Society, Proceedings; Vol. 2021-October). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISTAS52410.2021.9629173

Cloud computing data breaches: A review of U.S. regulation and data breach notification literature. / Kolevski, David; Michael, Katina; Abbas, Roba et al.
Proceedings - 2021 IEEE International Symposium on Society and Technology: Technological Stewardship and Responsible Innovation, ISTAS 2021. ed. / Brandiff Caron; Ketra A. Schmitt; Zach Pearl; Rozita Dara; Heather A. Love. Institute of Electrical and Electronics Engineers Inc., 2021. (International Symposium on Technology and Society, Proceedings; Vol. 2021-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kolevski, D, Michael, K, Abbas, R & Freeman, M 2021, Cloud computing data breaches: A review of U.S. regulation and data breach notification literature. in B Caron, KA Schmitt, Z Pearl, R Dara & HA Love (eds), Proceedings - 2021 IEEE International Symposium on Society and Technology: Technological Stewardship and Responsible Innovation, ISTAS 2021. International Symposium on Technology and Society, Proceedings, vol. 2021-October, Institute of Electrical and Electronics Engineers Inc., 2021 IEEE International Symposium on Society and Technology, ISTAS 2021, Virtual, Waterloo, Canada, 10/28/21. https://doi.org/10.1109/ISTAS52410.2021.9629173

Kolevski D, Michael K, Abbas R, Freeman M. Cloud computing data breaches: A review of U.S. regulation and data breach notification literature. In Caron B, Schmitt KA, Pearl Z, Dara R, Love HA, editors, Proceedings - 2021 IEEE International Symposium on Society and Technology: Technological Stewardship and Responsible Innovation, ISTAS 2021. Institute of Electrical and Electronics Engineers Inc. 2021. (International Symposium on Technology and Society, Proceedings). doi: 10.1109/ISTAS52410.2021.9629173

Kolevski, David ; Michael, Katina ; Abbas, Roba et al. / Cloud computing data breaches : A review of U.S. regulation and data breach notification literature. Proceedings - 2021 IEEE International Symposium on Society and Technology: Technological Stewardship and Responsible Innovation, ISTAS 2021. editor / Brandiff Caron ; Ketra A. Schmitt ; Zach Pearl ; Rozita Dara ; Heather A. Love. Institute of Electrical and Electronics Engineers Inc., 2021. (International Symposium on Technology and Society, Proceedings).

@inproceedings{6af3cf9b63c0425b9353d36bf2878824,

title = "Cloud computing data breaches: A review of U.S. regulation and data breach notification literature",

abstract = "Cloud computing services have enjoyed explosive growth over the last decade. Users are typically businesses and government agencies who are able to scale their storage and processing requirements, and choose from pre-defined services (e.g. specific software-as-a-service applications). But with this outsourcing has also come the potential for data breaches targeted at the end-user, typically consumers (e.g. who purchase goods at an online retail store), and citizens (e.g. who transact information for their social security needs). This paper briefly introduces U.S.-based cloud computing regulation, including the U.S. Health Insurance Portability and Accountability Act (HIPPA), the Gramm Leach Bliley Act (GLBA), and the U.S. Stored Communications Act (SCA). We present how data breach notification (DBN) works in the U.S. by examining three mini-case examples: The 2011 Sony PlayStation Network data breach, the 2015 Anthem Healthcare data breach, and the 2017 Equifax data breach. The findings of the paper show that there is a systemic failure to learn from past data breaches, and that data breaches not only affect business and government clients of cloud computing services but their respective end-user customer base. Finally, the level of sensitivity of data breaches is increasing, from cloud computing hacks on video game platforms, to the targeting of more lucrative network and computer crime abuses aiming at invasive private health and financial data. ",

keywords = "Anthem Healthcare, cloud computing, consumers, data breach, data breach notification, Equifax, financial records, health records, regulation, sensitive data, Sony PSN, USA",

author = "David Kolevski and Katina Michael and Roba Abbas and Mark Freeman",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE International Symposium on Society and Technology, ISTAS 2021 ; Conference date: 28-10-2021 Through 31-10-2021",

year = "2021",

doi = "10.1109/ISTAS52410.2021.9629173",

language = "English (US)",

series = "International Symposium on Technology and Society, Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Brandiff Caron and Schmitt, {Ketra A.} and Zach Pearl and Rozita Dara and Love, {Heather A.}",

booktitle = "Proceedings - 2021 IEEE International Symposium on Society and Technology",

}

TY - GEN

T1 - Cloud computing data breaches

T2 - 2021 IEEE International Symposium on Society and Technology, ISTAS 2021

AU - Kolevski, David

AU - Michael, Katina

AU - Abbas, Roba

AU - Freeman, Mark

PY - 2021

Y1 - 2021

N2 - Cloud computing services have enjoyed explosive growth over the last decade. Users are typically businesses and government agencies who are able to scale their storage and processing requirements, and choose from pre-defined services (e.g. specific software-as-a-service applications). But with this outsourcing has also come the potential for data breaches targeted at the end-user, typically consumers (e.g. who purchase goods at an online retail store), and citizens (e.g. who transact information for their social security needs). This paper briefly introduces U.S.-based cloud computing regulation, including the U.S. Health Insurance Portability and Accountability Act (HIPPA), the Gramm Leach Bliley Act (GLBA), and the U.S. Stored Communications Act (SCA). We present how data breach notification (DBN) works in the U.S. by examining three mini-case examples: The 2011 Sony PlayStation Network data breach, the 2015 Anthem Healthcare data breach, and the 2017 Equifax data breach. The findings of the paper show that there is a systemic failure to learn from past data breaches, and that data breaches not only affect business and government clients of cloud computing services but their respective end-user customer base. Finally, the level of sensitivity of data breaches is increasing, from cloud computing hacks on video game platforms, to the targeting of more lucrative network and computer crime abuses aiming at invasive private health and financial data.

AB - Cloud computing services have enjoyed explosive growth over the last decade. Users are typically businesses and government agencies who are able to scale their storage and processing requirements, and choose from pre-defined services (e.g. specific software-as-a-service applications). But with this outsourcing has also come the potential for data breaches targeted at the end-user, typically consumers (e.g. who purchase goods at an online retail store), and citizens (e.g. who transact information for their social security needs). This paper briefly introduces U.S.-based cloud computing regulation, including the U.S. Health Insurance Portability and Accountability Act (HIPPA), the Gramm Leach Bliley Act (GLBA), and the U.S. Stored Communications Act (SCA). We present how data breach notification (DBN) works in the U.S. by examining three mini-case examples: The 2011 Sony PlayStation Network data breach, the 2015 Anthem Healthcare data breach, and the 2017 Equifax data breach. The findings of the paper show that there is a systemic failure to learn from past data breaches, and that data breaches not only affect business and government clients of cloud computing services but their respective end-user customer base. Finally, the level of sensitivity of data breaches is increasing, from cloud computing hacks on video game platforms, to the targeting of more lucrative network and computer crime abuses aiming at invasive private health and financial data.

KW - Anthem Healthcare

KW - cloud computing

KW - consumers

KW - data breach

KW - data breach notification

KW - Equifax

KW - financial records

KW - health records

KW - regulation

KW - sensitive data

KW - Sony PSN

KW - USA

UR - http://www.scopus.com/inward/record.url?scp=85123190076&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85123190076&partnerID=8YFLogxK

U2 - 10.1109/ISTAS52410.2021.9629173

DO - 10.1109/ISTAS52410.2021.9629173

M3 - Conference contribution

AN - SCOPUS:85123190076

T3 - International Symposium on Technology and Society, Proceedings

BT - Proceedings - 2021 IEEE International Symposium on Society and Technology

A2 - Caron, Brandiff

A2 - Schmitt, Ketra A.

A2 - Pearl, Zach

A2 - Dara, Rozita

A2 - Love, Heather A.

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 28 October 2021 through 31 October 2021

ER -

Cloud computing data breaches: A review of U.S. regulation and data breach notification literature

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this