There are different economic theories and social science theories that relate to a data breach notification letter. Rational choice theory is the first theory that comes to mind. This is the theory that an individual or business will make choices that are in their best interest. This could apply to both the person committing the data breach as well as to the company which experienced the data breach. The person who stole the data was thinking of them and their economic interests when they stole it. They determine that the risk was worth the reward, and so they took credit card numbers, names, addresses, etc., all the information they would need to fraudulently use the cards for their own profitable gain. The company that experiences the data breach decided how much money to spend on their data security and perhaps could have spent more to prevent something like this from occurring. They determined that saving money was worth a lower amount of security and it looks like in this case, the risk vs. reward did not pay off.

The second economic theory that comes to mind regarding a data breach is classical economic theory. This theory is based on the idea that companies and products work in a supply-and-demand system and that the free market is self-regulating. This idea is applicable to a situation like a data breach. The company claims that the data breach occurred due to negligence by the platform provider and that was the source of the problem. There is a need for companies to host the platforms, but if they don’t do a good job, someone else is going to take their place. It is a balancing act of spending money while also ensuring proper security. If they can’t do the job correctly, even if they are the cheaper company, the businesses will move to another company that can provide them with the security and services that they need. The first business will then need to either pay more for better security and then charge more or be wiped out altogether. The market self-regulates, therefore government regulation is not required.  

One social science theory that is applicable to a data breach is structural functionalism. Structural functionalism is the idea that you can use the mechanisms that contribute to society and the interactions between those mechanisms in order to understand society. In this case, it is important to evaluate what role cybersecurity plays in society. In this case, there was a lack of cybersecurity that led to a data breach. This can lead to a distrust of this company as well as other online companies. People might worry about their data being mishandled or stolen again and might not want to shop using this company or online at all. It could even make them wary about doing anything online.

Another social science theory that is applicable to a data breach is symbolic interactionism. Symbolic interactionism is how society can be understood based on how individuals interact with each other. In the case of a data breach, the individuals affected might warn their friends or family that the data breach occurred. They might tell them to steer clear of that company because they blame the company or to not do any of their shopping online. They might also just tell their friends and warn them to be careful of what company they use for their online shopping or to be more careful in what methods they use to pay for things. There are ways around giving a company your direct credit card information such as using PayPal or Apple Pay. These can prevent your credit card from being compromised. If people responded this way to a data breach, it could actually lead to safer behaviors, overall.

These are just a few theories that can be applied to a data breach and a notification of your PII being stolen. The behaviors and reactions to it can be different depending on the lens used to look at it and how people respond both individually and as a group. It really just depends on how you look at it.