Data protection laws reduced breaches but affected firms’ value

Press/Media: UEA Press Release

Description

The introduction of new data protection rules significantly reduced breaches by firms but negatively impacted their market value, according to new research by the University of East Anglia (UEA) and University of Texas.

Researchers looked at what happened when the European Union’s General Data Protection Regulation (GDPR) started being enforced in 2018. Using its extraterritorial reach, the authors explore variation in US firms’ exposure to the EU GDPR to see how stricter data privacy laws affected their value, investment choices and data breaches.

They found companies that had to comply with GDPR saw their market value drop by 0.6-1.1% - or from $42 to $76 billion in total - in the week it became enforceable. This was partly related to stricter data privacy and security laws slowing firms’ sales growth.

However, these companies invested more money in data protection than those not affected by GDPR and were less likely to experience data breaches. This reduction was significant, preventing up to 34 million records from being leaked each year, which would have cost firms between $205 million and $561 million annually to deal with.

The findings are published in the Journal of Business Finance and Accounting. Co-author Dr Fabio Motoki, Lecturer in Accounting at UEA’s Norwich Business School, said: “Overall, this study shows key costs and benefits of stricter data privacy laws, providing useful information for businesses and regulators around the world.

Period18 Jul 2024

Media coverage

1

Media coverage

  • TitleData protection laws reduced breaches but affected firms’ value
    Degree of recognitionNational
    Media name/outletUEA News
    Media typeWeb
    Country/TerritoryUnited Kingdom
    Date18/07/24
    DescriptionThe introduction of new data protection rules significantly reduced breaches by firms but negatively impacted their market value, according to new research by the University of East Anglia (UEA) and University of Texas.

    Researchers looked at what happened when the European Union’s General Data Protection Regulation (GDPR) started being enforced in 2018. Using its extraterritorial reach, the authors explore variation in US firms’ exposure to the EU GDPR to see how stricter data privacy laws affected their value, investment choices and data breaches.

    They found companies that had to comply with GDPR saw their market value drop by 0.6-1.1% - or from $42 to $76 billion in total - in the week it became enforceable. This was partly related to stricter data privacy and security laws slowing firms’ sales growth.

    However, these companies invested more money in data protection than those not affected by GDPR and were less likely to experience data breaches. This reduction was significant, preventing up to 34 million records from being leaked each year, which would have cost firms between $205 million and $561 million annually to deal with.

    The findings are published in the Journal of Business Finance and Accounting. Co-author Dr Fabio Motoki, Lecturer in Accounting at UEA’s Norwich Business School, said: “Overall, this study shows key costs and benefits of stricter data privacy laws, providing useful information for businesses and regulators around the world.
    Producer/AuthorCat Bartman
    PersonsFabio Motoki, Jedson Pinto
View all 1
View less

Related content