Sharing Consumer Data With Third Parties, Potential Data Leaks Are Concerns for FTC Bureau Chief

University Scalia Law School event Friday. She said there's "still an underestimation of the actual harm of data breach to the whole society" because when firms aren't blamed for certain ID theft incidents as a result of their data practices, they're not incorporating that into their expenses. Jin talked about the fundamental economic concerns in privacy and data security, pros and cons to consumers and potential policy tools. When a consumer shares his or her personal data with a seller, the flow doesn't stop there because the seller can share that data with its partners like data brokers who may offer a product or service back to that consumer, she said. She called sharing data beyond the "focal transaction" as "persistent effects." This includes data that can potentially be leaked or stolen by criminals. Through these transactions with sellers, some consumers may be better off in terms of prices and offerings while others will be worse off, she said: Persistent effects are what concerns her and deserve more consideration from economists. Third-party sharing can produce new product offerings and services and benefit consumers, she said: When a data breach or ID theft occurs, consumers are at a disadvantage because they may not know who should be blamed, and they may not know how their data is shared and with whom. They also may misunderstand that a company's privacy policy doesn't necessarily mean their data is kept safe, meaning there's a "huge information gap" for consumers, said Jin. She said policymakers have potential tools, including educating stakeholders, enforcing truth telling in privacy policies, directly monitoring firms' real data practices, mandating sellers to disclose their privacy sharing practices, and setting minimum standards for firms that store, use and share data. A cost-benefits analysis is a "no brainer," said Jin. "The question is how to do that. That's the hard part."