@inproceedings{6af3cf9b63c0425b9353d36bf2878824,
title = "Cloud computing data breaches: A review of U.S. regulation and data breach notification literature",
abstract = "Cloud computing services have enjoyed explosive growth over the last decade. Users are typically businesses and government agencies who are able to scale their storage and processing requirements, and choose from pre-defined services (e.g. specific software-as-a-service applications). But with this outsourcing has also come the potential for data breaches targeted at the end-user, typically consumers (e.g. who purchase goods at an online retail store), and citizens (e.g. who transact information for their social security needs). This paper briefly introduces U.S.-based cloud computing regulation, including the U.S. Health Insurance Portability and Accountability Act (HIPPA), the Gramm Leach Bliley Act (GLBA), and the U.S. Stored Communications Act (SCA). We present how data breach notification (DBN) works in the U.S. by examining three mini-case examples: The 2011 Sony PlayStation Network data breach, the 2015 Anthem Healthcare data breach, and the 2017 Equifax data breach. The findings of the paper show that there is a systemic failure to learn from past data breaches, and that data breaches not only affect business and government clients of cloud computing services but their respective end-user customer base. Finally, the level of sensitivity of data breaches is increasing, from cloud computing hacks on video game platforms, to the targeting of more lucrative network and computer crime abuses aiming at invasive private health and financial data. ",
keywords = "Anthem Healthcare, cloud computing, consumers, data breach, data breach notification, Equifax, financial records, health records, regulation, sensitive data, Sony PSN, USA",
author = "David Kolevski and Katina Michael and Roba Abbas and Mark Freeman",
note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE International Symposium on Society and Technology, ISTAS 2021 ; Conference date: 28-10-2021 Through 31-10-2021",
year = "2021",
doi = "10.1109/ISTAS52410.2021.9629173",
language = "English (US)",
series = "International Symposium on Technology and Society, Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
editor = "Brandiff Caron and Schmitt, {Ketra A.} and Zach Pearl and Rozita Dara and Love, {Heather A.}",
booktitle = "Proceedings - 2021 IEEE International Symposium on Society and Technology",
}