{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T01:11:26Z","timestamp":1780449086293,"version":"3.54.1"},"reference-count":93,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2024,1,31]],"date-time":"2024-01-31T00:00:00Z","timestamp":1706659200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Commission","award":["101070303"],"award-info":[{"award-number":["101070303"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Data"],"abstract":"<jats:p>Data breaches result in data loss, including personal, health, and financial information that are crucial, sensitive, and private. The breach is a security incident in which personal and sensitive data are exposed to unauthorized individuals, with the potential to incur several privacy concerns. As an example, the French newspaper Le Figaro breached approximately 7.4 billion records that included full names, passwords, and e-mail and physical addresses. To reduce the likelihood and impact of such breaches, it is fundamental to strengthen the security efforts against this type of incident and, for that, it is first necessary to identify patterns of its occurrence, primarily related to the number of data records leaked, the affected geographical region, and its regulatory aspects. To advance the discussion in this regard, we study a dataset comprising 428 worldwide data breaches between 2018 and 2019, providing a visualization of the related statistics, such as the most affected countries, the predominant economic sector targeted in different countries, and the median number of records leaked per incident in different countries, regions, and sectors. We then discuss the data protection regulation in effect in each country comprised in the dataset, correlating key elements of the legislation with the statistical findings. As a result, we have identified an extensive disclosure of medical records in India and government data in Brazil in the time range. Based on the analysis and visualization, we find some interesting insights that researchers seldom focus on before, and it is apparent that the real dangers of data leaks are beyond the ordinary imagination. Finally, this paper contributes to the discussion regarding data protection laws and compliance regarding data breaches, supporting, for example, the decision process of data storage location in the cloud.<\/jats:p>","DOI":"10.3390\/data9020027","type":"journal-article","created":{"date-parts":[[2024,1,31]],"date-time":"2024-01-31T09:41:59Z","timestamp":1706694119000},"page":"27","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4502-2153","authenticated-orcid":false,"given":"Gabriel Arquelau","family":"Pimenta Rodrigues","sequence":"first","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5182-0496","authenticated-orcid":false,"given":"Andr\u00e9 Luiz","family":"Marques Serrano","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7114-4613","authenticated-orcid":false,"given":"Amanda Nunes","family":"Lopes Espi\u00f1eira Lemos","sequence":"additional","affiliation":[{"name":"Graduate Program in Law (PPGD), Law School, University of Brasilia (UnB), Bras\u00edlia 70910-900, Brazil"},{"name":"School of Law, University of Minho (EDUM), Campus de Gualtar, 4710-057 Braga, Portugal"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2159-339X","authenticated-orcid":false,"given":"Edna Dias","family":"Canedo","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7100-7304","authenticated-orcid":false,"given":"F\u00e1bio L\u00facio Lopes de","family":"Mendon\u00e7a","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6717-3374","authenticated-orcid":false,"given":"Robson","family":"de Oliveira Albuquerque","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"},{"name":"Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor Jos\u00e9 Garc\u00eda Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2846-9017","authenticated-orcid":false,"given":"Ana Lucila","family":"Sandoval Orozco","sequence":"additional","affiliation":[{"name":"Professional Post-Graduate Program in Electrical Engineering (PPEE), Department of Electrical Engineering (ENE), University of Bras\u00edlia (UnB), Bras\u00edlia 70910-900, Brazil"},{"name":"Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor Jos\u00e9 Garc\u00eda Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7573-6272","authenticated-orcid":false,"given":"Luis Javier","family":"Garc\u00eda Villalba","sequence":"additional","affiliation":[{"name":"Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor Jos\u00e9 Garc\u00eda Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2024,1,31]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1016\/j.inffus.2018.10.005","article-title":"Data fusion and machine learning for industrial prognosis: Trends and perspectives towards Industry 4.0","volume":"50","author":"Galar","year":"2019","journal-title":"Inf. Fusion"},{"key":"ref_2","first-page":"7","article-title":"Immersive extended reality technologies, data visualization tools, and customer behavior analytics in the metaverse commerce","volume":"10","author":"Kovacova","year":"2022","journal-title":"J.-Self-Gov. Manag. Econ."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1080\/09537287.2020.1810764","article-title":"Big data supply chain analytics: Ethical, privacy and security challenges posed to business, industries and society","volume":"33","author":"Ogbuke","year":"2022","journal-title":"Prod. Plan. Control."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"218","DOI":"10.1111\/inr.12585","article-title":"Privacy, confidentiality, security and patient safety concerns about electronic health records","volume":"67","author":"Ibrahim","year":"2020","journal-title":"Int. Nurs. Rev."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s40537-022-00573-8","article-title":"A machine learning based credit card fraud detection using the GA algorithm for feature selection","volume":"9","author":"Ileberi","year":"2022","journal-title":"J. Big Data"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"175","DOI":"10.3390\/appliedmath3010011","article-title":"Analyzing Health Data Breaches: A Visual Analytics Approach","volume":"3","author":"Raghupathi","year":"2023","journal-title":"AppliedMath"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Perera, S., Jin, X., Maurushat, A., and Opoku, D.G.J. (2022). Factors affecting reputational damage to organisations due to cyberattacks. Informatics, 9.","DOI":"10.3390\/informatics9010028"},{"key":"ref_8","first-page":"29","article-title":"Impact of Controls on Data Integrity and Information Systems","volume":"13","author":"Duggineni","year":"2023","journal-title":"Sci. Technol."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"7298","DOI":"10.1287\/mnsc.2021.4264","article-title":"Data breach announcements and stock market reactions: A matter of timing?","volume":"68","author":"Foerderer","year":"2022","journal-title":"Manag. Sci."},{"key":"ref_10","unstructured":"IBM (2023). Cost of a Data Breach Report, IBM Security. Technical Report."},{"key":"ref_11","first-page":"402","article-title":"Data breach: Analysis, countermeasures and challenges","volume":"19","author":"Zhang","year":"2022","journal-title":"Int. J. Inf. Comput. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"2927","DOI":"10.1109\/TIFS.2019.2911166","article-title":"An attribute-based controlled collaborative access control scheme for public cloud storage","volume":"14","author":"Xue","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"2517","DOI":"10.3233\/JIFS-179539","article-title":"Cloud computing and data security threats taxonomy: A review","volume":"38","author":"Farsi","year":"2020","journal-title":"J. Intell. Fuzzy Syst."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3439873","article-title":"Developing a global data breach database and the challenges encountered","volume":"13","author":"Neto","year":"2021","journal-title":"J. Data Inf. Qual. (JDIQ)"},{"key":"ref_15","first-page":"167","article-title":"IoT and Smart Home Data Breach Risks from the Perspective of Data Protection and Information Security Law","volume":"11","year":"2020","journal-title":"Bus. Syst. Res. Int. J. Soc. Adv. Innov. Res. Econ."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"65","DOI":"10.3390\/jcp2010005","article-title":"Security perception of IoT devices in smart homes","volume":"2","author":"Feher","year":"2022","journal-title":"J. Cybersecur. Priv."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"100721","DOI":"10.1016\/j.iot.2023.100721","article-title":"The Internet of Things (IoT) in healthcare: Taking stock and moving forward","volume":"22","author":"Rejeb","year":"2023","journal-title":"Internet Things"},{"key":"ref_18","unstructured":"Kiel, J.M. (2022). Nursing Informatics: A Health Informatics, Interprofessional and Global Perspective, Springer."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Shahid, J., Ahmad, R., Kiani, A.K., Ahmad, T., Saeed, S., and Almuhaideb, A.M. (2022). Data protection and privacy of the internet of healthcare things (IoHTs). Appl. Sci., 12.","DOI":"10.3390\/app12041927"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Ugwu, A.O., Gao, X., Ugwu, J.O., and Chang, V. (2022, January 23\u201325). Ethical Implications of AI in Healthcare Data: A Case Study Using Healthcare Data Breaches from the US Department of Health and Human Services Breach Portal between 2009\u20132021. Proceedings of the 2022 International Conference on Industrial IoT, Big Data and Supply Chain (IIoTBDSC), Beijing, China.","DOI":"10.1109\/IIoTBDSC57192.2022.00070"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"e33735","DOI":"10.2196\/33735","article-title":"Privacy, data sharing, and data security policies of women\u2019s mhealth apps: Scoping review and content analysis","volume":"10","author":"Alfawzan","year":"2022","journal-title":"JMIR Mhealth Uhealth"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Utz, C., Degeling, M., Fahl, S., Schaub, F., and Holz, T. (2019, January 11\u201315). (Un) informed consent: Studying GDPR consent notices in the field. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3354212"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Strupczewski, G. (2020, January 27\u201329). What Do We Know About Data Breaches? Empirical Evidence from the United States. Proceedings of the Eurasian Economic Perspectives: Proceedings of the 23rd Eurasia Business and Economics Society Conference, Madrid, Spain.","DOI":"10.1007\/978-3-030-40375-1_20"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"682","DOI":"10.1016\/j.matpr.2021.06.204","article-title":"Cyber threat intelligence challenges: Leveraging blockchain intelligence with possible solution","volume":"51","author":"Saxena","year":"2022","journal-title":"Mater. Today Proc."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"36","DOI":"10.3389\/fcomp.2020.00036","article-title":"The challenges of leveraging threat intelligence to stop data breaches","volume":"2","author":"Ibrahim","year":"2020","journal-title":"Front. Comput. Sci."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"467","DOI":"10.1016\/j.future.2019.01.022","article-title":"A machine learning framework for investigating data breaches based on semantic analysis of adversary\u2019s attack patterns in threat intelligence repositories","volume":"95","author":"Noor","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1177\/10946705211036944","article-title":"The effects of service crises and recovery resources on market reactions: An event study analysis on data breach announcements","volume":"26","author":"Rasoulian","year":"2023","journal-title":"J. Serv. Res."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"102690","DOI":"10.1016\/j.frl.2022.102690","article-title":"Short selling surrounding data breach announcements","volume":"47","author":"Wang","year":"2022","journal-title":"Financ. Res. Lett."},{"key":"ref_29","unstructured":"Adharsh, C., and Vijayalakshmi, S. (2022, January 28\u201329). Prevention of Data Breach by Machine Learning Techniques. Proceedings of the 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE), Greater Noida, India."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Turjeman, D., and Feinberg, F.M. (Mark. Sci., 2023). When the data are out: Measuring behavioral changes following a data breach, Mark. Sci., ahead of print.","DOI":"10.1287\/mksc.2019.0208"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"881","DOI":"10.25300\/MISQ\/2022\/15596","article-title":"The Opm Data Breach: An Investigation of Shared Emotional Reactions on Twitter","volume":"46","author":"Bachura","year":"2022","journal-title":"MIS Q."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Zou, Y., Danino, S., Sun, K., and Schaub, F. (2019, January 4\u20139). YouMight\u2019Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications. Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, Glassglow, UK.","DOI":"10.1145\/3290605.3300424"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.future.2020.10.017","article-title":"Louder bark with no bite: Privacy protection through the regulation of mandatory data breach notification in Australia","volume":"116","author":"Alazab","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"1222","DOI":"10.1111\/jels.12331","article-title":"Do data breach notification laws reduce medical identity theft? Evidence from consumer complaints data","volume":"19","author":"Kesari","year":"2022","journal-title":"J. Empir. Leg. Stud."},{"key":"ref_35","first-page":"49","article-title":"China\u2019s approach on data privacy law: A third way between the US and the EU?","volume":"8","year":"2020","journal-title":"Penn St. JL Int\u2019l Aff."},{"key":"ref_36","unstructured":"Daniel Sokol, D., and Rooij, B.v. (2019). Cambridge Handbook on Compliance, Cambridge University Press."},{"key":"ref_37","unstructured":"Silva, J., Calegari, N., and Gomes, E. Proceedings of the Companion Proceedings of the 2019 World Wide Web Conference."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Ong, E.I. (2020). Data Protection in the Internet, Springer.","DOI":"10.1007\/978-3-030-28049-9_13"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"105409","DOI":"10.1016\/j.clsr.2020.105409","article-title":"Privacy and security by design: Comparing the EU and Israeli approaches to embedding privacy and security","volume":"37","author":"Haber","year":"2020","journal-title":"Comput. Law Secur. Rev."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Yuan, B., and Li, J. (2019). The policy effect of the general data protection regulation (GDPR) on the digital public health sector in the european union: An empirical investigation. Int. J. Environ. Res. Public Health, 16.","DOI":"10.3390\/ijerph16061070"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Mauri, M., Elli, T., Caviglia, G., Uboldi, G., and Azzi, M. (2017, January 18\u201320). RAWGraphs: A visualisation platform to create open outputs. Proceedings of the 12th Biannual Conference on Italian SIGCHI Chapter, Cagliari, Italy.","DOI":"10.1145\/3125571.3125585"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Granova, V., Mashatan, A., and Turetken, O. (2023, January 23\u201328). Changing Hearts and Minds: The Role of Cybersecurity Champion Programs in Cybersecurity Culture. Proceedings of the International Conference on Human-Computer Interaction, Copenhegen, Denmark.","DOI":"10.1007\/978-3-031-35017-7_26"},{"key":"ref_43","unstructured":"Wu, E. (2021). Belfer Center for Science and International Affairs, Harvard Kennedy School."},{"key":"ref_44","first-page":"5","article-title":"Potential Risk: Hosting Cloud Services Outside the Country","volume":"11","author":"George","year":"2022","journal-title":"Int. J. Adv. Res. Comput. Commun. Eng."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Sampson, D., and Chowdhury, M.M. (2021, January 14\u201315). The growing security concerns of cloud computing. Proceedings of the 2021 IEEE International Conference on Electro Information Technology (EIT), Mt. Pleasant, MI, USA.","DOI":"10.1109\/EIT51626.2021.9491902"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Seh, A.H., Zarour, M., Alenezi, M., Sarkar, A.K., Agrawal, A., Kumar, R., and Ahmad Khan, R. (2020). Healthcare data breaches: Insights and implications. Healthcare, 8.","DOI":"10.3390\/healthcare8020133"},{"key":"ref_47","first-page":"1","article-title":"Hidden in the shadow: The dark web-a growing risk for military operations?","volume":"Volume 900","author":"Koch","year":"2022","journal-title":"Proceedings of the 2019 11th International Conference on Cyber Conflict (CyCon)"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Haber, M.J., Chappell, B., and Hills, C. (2022). Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources, Springer.","DOI":"10.1007\/978-1-4842-8236-6"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"1282","DOI":"10.1001\/jama.2018.9222","article-title":"Temporal trends and characteristics of reportable health data breaches, 2010\u20132017","volume":"320","author":"McCoy","year":"2018","journal-title":"JAMA"},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Churi, P., Pawar, A., and Moreno-Guerrero, A.J. (2021). A comprehensive survey on data utility and privacy: Taking Indian healthcare system as a potential case study. Inventions, 6.","DOI":"10.3390\/inventions6030045"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"104164","DOI":"10.1016\/j.ijmedinf.2020.104164","article-title":"Impact of trust and privacy concerns on technology acceptance in healthcare: An Indian perspective","volume":"141","author":"Dhagarra","year":"2020","journal-title":"Int. J. Med. Inform."},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Ferr\u00e3o, S.\u00c9.R., Carvalho, A.P., Canedo, E.D., Mota, A.P.B., Costa, P.H.T., and Cerqueira, A.J. (2021). Diagnostic of data processing by brazilian organizations\u2014a low compliance issue. Information, 12.","DOI":"10.3390\/info12040168"},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1080\/14702436.2020.1848425","article-title":"No power vacuum: National security neglect and the defence sector in Brazil","volume":"21","author":"Lima","year":"2021","journal-title":"Def. Stud."},{"key":"ref_54","first-page":"10","article-title":"The Simulation of Scandal: Hack-and-Leak Operations, the Gulf States, and US Politics (Fall 2020)","volume":"3","author":"Shires","year":"2020","journal-title":"Tex. Natl. Secur. Rev."},{"key":"ref_55","unstructured":"Islam, R. (2020). The Impact of Data Breaches on Stock Performance, Glucksman Institute for Research in Securities Markets, Leonard N. Stern School of Business, New York University."},{"key":"ref_56","doi-asserted-by":"crossref","first-page":"277","DOI":"10.2471\/BLT.19.237123","article-title":"Ethical challenges of digital health technologies: Aadhaar, India","volume":"98","author":"Gopichandran","year":"2020","journal-title":"Bull. World Health Organ."},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"467","DOI":"10.9745\/GHSP-D-20-00346","article-title":"Protecting mental health data privacy in India: The case of data linkage with Aadhaar","volume":"9","author":"Bondre","year":"2021","journal-title":"Glob. Heal. Sci. Pract."},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Mali, N.V., and Avila-Maravilla, M.A. (2018, January 4\u20136). Convergence or Conflict? Digital Identities vs. Citizenship Rights: Case Study of Unique Identification Number, Aadhaar, in India. Proceedings of the 11th International Conference on Theory and Practice of Electronic Governance, Galway, Ireland.","DOI":"10.1145\/3209415.3209487"},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Tiwari, P.R., Agarwal, D., Jain, P., Dasgupta, S., Datta, P., Reddy, V., and Gupta, D. (2022, January 2\u20136). India\u2019s \u201cAadhaar\u201d Biometric ID: Structure, Security, and Vulnerabilities. Proceedings of the International Conference on Financial Cryptography and Data Security, Grenada, Spain.","DOI":"10.1007\/978-3-031-18283-9_34"},{"key":"ref_60","doi-asserted-by":"crossref","unstructured":"Tyagi, A.K., Rekha, G., and Sreenath, N. (2018, January 20\u201322). Is your privacy safe with Aadhaar?: An open discussion. Proceedings of the 2018 Fifth International Conference on Parallel, Distributed and Grid Computing (PDGC), Solan, India.","DOI":"10.1109\/PDGC.2018.8745836"},{"key":"ref_61","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1007\/s42154-022-00203-2","article-title":"A double assessment of privacy risks aboard top-selling cars","volume":"6","author":"Bella","year":"2023","journal-title":"Automot. Innov."},{"key":"ref_62","first-page":"74","article-title":"Regulating Data Privacy of Connected Vehicles: How Automotive Giants Can Protect Themselves and Their Golden Goose","volume":"30","author":"Peacher","year":"2020","journal-title":"Alb. LJ Sci. Tech."},{"key":"ref_63","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1109\/TIFS.2023.3324326","article-title":"Hardening Password-Based Credential Databases","volume":"19","author":"Song","year":"2023","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_64","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1109\/MNET.2019.1800240","article-title":"Challenges of multi-factor authentication for securing advanced IoT applications","volume":"33","author":"Ometov","year":"2019","journal-title":"IEEE Netw."},{"key":"ref_65","unstructured":"Thomas, K., Pullman, J., Yeo, K., Raghunathan, A., Kelley, P.G., Invernizzi, L., Benko, B., Pietraszek, T., Patel, S., and Boneh, D. (2019, January 14\u201316). Protecting accounts from credential stuffing with password breach alerting. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_66","first-page":"41","article-title":"Posted: No Phishing","volume":"8","author":"Trautman","year":"2021","journal-title":"Emory Corp. Gov. Account. Rev."},{"key":"ref_67","first-page":"82","article-title":"Cyber security awareness, knowledge and behavior: A comparative study","volume":"62","author":"Zwilling","year":"2022","journal-title":"J. Comput. Inf. Syst."},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"101589","DOI":"10.1016\/j.cose.2019.101589","article-title":"Cyber threat intelligence sharing: Survey and research directions","volume":"87","author":"Wagner","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_69","doi-asserted-by":"crossref","first-page":"157","DOI":"10.1007\/s10270-021-00898-7","article-title":"Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix","volume":"21","author":"Xiong","year":"2022","journal-title":"Softw. Syst. Model."},{"key":"ref_70","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1080\/13600834.2019.1573501","article-title":"The European Union general data protection regulation: What it is and what it means","volume":"28","author":"Hoofnagle","year":"2019","journal-title":"Inf. Commun. Technol. Law"},{"key":"ref_71","unstructured":"Shastri, S., Wasserman, M., and Chidambaram, V. (2019, January 8). The seven sins of {Personal-Data} processing systems under {GDPR}. Proceedings of the 11th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 19), Renton, WA, USA."},{"key":"ref_72","doi-asserted-by":"crossref","first-page":"367","DOI":"10.1365\/s43439-022-00062-x","article-title":"Could incorporating cybersecurity reporting into SOX have prevented most data breaches at US publicly traded companies? An exploratory study","volume":"3","author":"Sebastian","year":"2022","journal-title":"Int. Cybersecur. Law Rev."},{"key":"ref_73","doi-asserted-by":"crossref","first-page":"101707","DOI":"10.1016\/j.jsis.2022.101707","article-title":"Strategic roles of IT modernization and cloud migration in reducing cybersecurity risks of organizations: The case of US federal government","volume":"31","author":"Pang","year":"2022","journal-title":"J. Strateg. Inf. Syst."},{"key":"ref_74","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1080\/07366981.2021.1911387","article-title":"Gramm-Leach-Bliley gets a systems upgrade: What the ftc\u2019s proposed safeguards rule changes mean for small and medium american financial institutions","volume":"65","author":"Ryle","year":"2022","journal-title":"EDPACS"},{"key":"ref_75","doi-asserted-by":"crossref","unstructured":"Cohen, B., Hu, A., Patino, D., and Coffman, J. (2022, January 6\u20139). Educational Data in the Cloud Legal Implications and Technical Recommendations. Proceedings of the 2022 IEEE\/ACM 15th International Conference on Utility and Cloud Computing (UCC), Vancouver, WA, USA.","DOI":"10.1109\/UCC56403.2022.00032"},{"key":"ref_76","first-page":"12","article-title":"Coppa and educational technologies: The need for additional online privacy protections for students","volume":"38","author":"Skowronski","year":"2022","journal-title":"Ga. State Univ. Law Rev."},{"key":"ref_77","unstructured":"Piper, D. (2023). Data Protection Laws of the World Full Handbook, DLA Piper. Technical Report."},{"key":"ref_78","doi-asserted-by":"crossref","first-page":"105500","DOI":"10.1016\/j.clsr.2020.105500","article-title":"The future of data protection: Gold standard vs. global standard","volume":"40","author":"Mantelero","year":"2021","journal-title":"Comput. Law Secur. Rev."},{"key":"ref_79","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1365\/s43439-023-00081-2","article-title":"Alternatives for an adequate structuring of the national data protection authority (ANPD) in its independent profile: Proposals to overcome the technological challenges in the age of digital governance","volume":"4","year":"2023","journal-title":"Int. Cybersecur. Law Rev."},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"35","DOI":"10.55763\/ippr.2023.04.05.003","article-title":"Drafting a pro-antitrust and data protection regulatory framework","volume":"4","author":"Srinivasan","year":"2023","journal-title":"Indian Public Policy Rev."},{"key":"ref_81","first-page":"1687","article-title":"Privacy\u2019s constitutional moment and the limits of data protection","volume":"61","author":"Hartzog","year":"2020","journal-title":"BCL Rev."},{"key":"ref_82","unstructured":"Sheth, S., Kaiser, G., and Maalej, W. (June, January 31). Us and them: A study of privacy requirements across North America, Asia, and Europe. Proceedings of the 36th International Conference on Software Engineering, Hyderabad, India."},{"key":"ref_83","doi-asserted-by":"crossref","first-page":"105806","DOI":"10.1016\/j.clsr.2023.105806","article-title":"The thin red line: Refocusing data protection law on ADM, a global perspective with lessons from case-law","volume":"49","author":"Demetzou","year":"2023","journal-title":"Comput. Law Secur. Rev."},{"key":"ref_84","unstructured":"Banisar, D. (2023). National Comprehensive Data Protection\/Privacy Laws and Bills 2023. Priv. Laws Bills."},{"key":"ref_85","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.therap.2018.12.004","article-title":"How the new European data protection regulation affects clinical research and recommendations?","volume":"74","author":"Cornu","year":"2019","journal-title":"Therapies"},{"key":"ref_86","doi-asserted-by":"crossref","first-page":"397","DOI":"10.21552\/edpl\/2019\/3\/14","article-title":"Germany Revisited: The Second Data Protection Adaption and Implementation Act","volume":"5","author":"Etteldorf","year":"2019","journal-title":"Eur. Data Prot. L. Rev."},{"key":"ref_87","first-page":"301","article-title":"Measuring the Brussels Effect through Access Requests: Has the European General Data Protection Regulation Influenced the Data Protection Rights of Canadian Citizens?","volume":"11","author":"Mahieu","year":"2021","journal-title":"J. Inf. Policy"},{"key":"ref_88","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1093\/idpl\/ipz026","article-title":"They who must not be identified\u2014Distinguishing personal from non-personal data under the GDPR","volume":"10","author":"Finck","year":"2020","journal-title":"Int. Data Priv. Law"},{"key":"ref_89","first-page":"449","article-title":"A review on the personal data protection authority of turkey","volume":"7","author":"Karabulut","year":"2020","journal-title":"Akad. Hassasiyetler"},{"key":"ref_90","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1177\/0003603X19863590","article-title":"The interaction of EU competition, consumer, and data protection law in the digital economy: The regulatory dilemma in the Facebook odyssey","volume":"64","author":"Botta","year":"2019","journal-title":"Antitrust Bull."},{"key":"ref_91","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1109\/MSEC.2022.3222115","article-title":"The data protection officer: A ubiquitous role that no one really knows","volume":"21","author":"Ciclosi","year":"2022","journal-title":"IEEE Secur. Priv."},{"key":"ref_92","doi-asserted-by":"crossref","first-page":"1177","DOI":"10.1007\/s11142-018-9452-4","article-title":"Do firms underreport information on cyber-attacks? Evidence from capital markets","volume":"23","author":"Amir","year":"2018","journal-title":"Rev. Account. Stud."},{"key":"ref_93","doi-asserted-by":"crossref","unstructured":"Wohlin, C., Runeson, P., H\u00f6st, M., Ohlsson, M.C., Regnell, B., and Wessl\u00e9n, A. (2012). Experimentation in Software Engineering, Springer Science & Business Media.","DOI":"10.1007\/978-3-642-29044-2"}],"container-title":["Data"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2306-5729\/9\/2\/27\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T13:52:30Z","timestamp":1760104350000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2306-5729\/9\/2\/27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,31]]},"references-count":93,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2024,2]]}},"alternative-id":["data9020027"],"URL":"https:\/\/doi.org\/10.3390\/data9020027","relation":{},"ISSN":["2306-5729"],"issn-type":[{"value":"2306-5729","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1,31]]}}}