Personal data disclosure and data breaches: the customers viewpoint

Every time the customer (individual or company) has to release personal information to its service provider (e.g., an online store or a cloud computing provider), it faces a trade-off between the benefits gained (enhanced or cheaper services) and the risks it incurs (identity theft and fraudulent uses). The amount of personal information released is the major decision variable in that trade-off problem, and has a proxy in the maximum loss the customer may incur. We find the conditions for a unique optimal solution to exist for that problem as that maximizing the customer’s surplus. We also show that the optimal amount of personal information is influenced most by the immediate benefits the customer gets, i.e., the price and the quantity of service offered by the service provider, rather than by maximum loss it may incur. Easy spenders take larger risks with respect to low-spenders, but an increase in price drives customers towards a more careful risk-taking attitude anyway. A major role is also played by the privacy level, which the service provider employs to regulate the benefits released to the customers. We also provide a closed form solution for the limit case of a perfectly secure provider, showing that the results do not differ significantly from those obtained in the general case. The trade-off analysis may be employed by the customer to determine its level of exposure in the relationship with its service provider.

💡 Research Summary

The paper develops a quantitative framework for the trade‑off that customers face when disclosing personal data to a service provider such as an online retailer or a cloud‑computing platform. The decision variable is the proportion of personal information released, denoted by (x) (0 ≤ (x) ≤ 1). Two opposing forces are modeled: (1) the immediate benefit the customer receives, captured by the service price (p) and the quantity of service (q); and (2) the potential loss (L_{\max}) that could arise if the disclosed data were breached. The customer’s surplus is defined as the difference between a benefit function (U(p,q,x)) and a risk function (R(L_{\max},x)). The benefit function is chosen to be a decreasing‑tangent of price (so lower prices give sharply higher benefit) and linear in the amount of service, while the risk function grows logarithmically with the disclosed data and is scaled by a risk‑aversion coefficient (\alpha).

The authors formulate the problem as a constrained maximization of the surplus with respect to (x). By applying the Lagrange multiplier method they obtain first‑order optimality conditions. Under the convexity of the benefit term ((\partial^{2}U/\partial x^{2}<0)) and the concavity of the risk term ((\partial^{2}R/\partial x^{2}>0)), a unique optimal solution exists. The closed‑form solution is

\