Project for making data breach reports available for research purposes started

Erasmus School of Law research is the basis for scoop

Dr Bernold Nieuwesteeg of Erasmus School of Law investigated, together with colleague Prof. Michael Faure and Prof. Michel van Eeten of the TU-Delft, the effect of the data breach reporting obligation as commissioned by the Cyber Security Council (CSR). They concluded that the effect and the social potential of the reporting obligation regarding data breaches could be better utilized; among other things, by making the data breach database available for scientific research.

Minister Grapperhaus of the Ministry of Justice and Security has reacted positively on the recommendations from the CSR this week. These recommendations came about as a result of the investigation into the effect of obligations to report data breaches. They included a project proposal for - under strict conditions - giving access to the database of data breaches reported to the Dutch Data Protection Authority (DDPA) for scientific and statistical research. The data will be made accessible through the Central Bureau of Statistics (CBS) and will be stripped of personal data and company names in advance.

Nieuwesteeg and Faure, who are affiliated with the Centre for the Law and Economics of Cyber Security (CLECS), collaborated closely with the  Economics of Cyber Security Group of the TU-Delft.

Following the report, the CSR and the AP recently came to the recommendation to make actual data breaches available for scientific purposes. The aim is to come to general advice and suggestions for improving the security of personal data.

"This is unique," said Bernold Nieuwesteeg. "Nowhere in the world have registers of data leaks been made available in this way, while there is a great need for transparency and data sets regarding data leaks." Because of the positive response from Minister Grapperhaus, who received the CSR's advice this week, in-depth research may soon be conducted into trends and the nature of data breaches, as well as the effectiveness of investments in cybersecurity.

He continued: "We expect and hope that other countries and institutions will also take important steps towards making data leaks available so that trends can be explored and compared worldwide."

CV

Dr Bernold Nieuwesteeg has been working at Erasmus School of Law since 2014 as a researcher at the Rotterdam Institute of Law and Economics. In 2018 he obtained his PhD in the field of economics and law of cybersecurity. In the same year, he was appointed Director of the Center for the Law and Economics of Cyber Security. Nieuwesteeg is also a partner at CrossOver.

More information

More information can be obtained via Dr Bernold Nieuwesteeg (nieuwesteeg@law.eur.nl) or 06-38588104.

Click here to view the complete study of the Center for the Law and Economics of Cyber Security in collaboration with the Economics of Cyber Security Group commissioned by the CSR (in Dutch only)