Cloud computing data breaches: A review of U.S. regulation and data breach notification literature

David Kolevski, Katina Michael, Roba Abbas, Mark Freeman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations


Cloud computing services have enjoyed explosive growth over the last decade. Users are typically businesses and government agencies who are able to scale their storage and processing requirements, and choose from pre-defined services (e.g. specific software-as-a-service applications). But with this outsourcing has also come the potential for data breaches targeted at the end-user, typically consumers (e.g. who purchase goods at an online retail store), and citizens (e.g. who transact information for their social security needs). This paper briefly introduces U.S.-based cloud computing regulation, including the U.S. Health Insurance Portability and Accountability Act (HIPPA), the Gramm Leach Bliley Act (GLBA), and the U.S. Stored Communications Act (SCA). We present how data breach notification (DBN) works in the U.S. by examining three mini-case examples: The 2011 Sony PlayStation Network data breach, the 2015 Anthem Healthcare data breach, and the 2017 Equifax data breach. The findings of the paper show that there is a systemic failure to learn from past data breaches, and that data breaches not only affect business and government clients of cloud computing services but their respective end-user customer base. Finally, the level of sensitivity of data breaches is increasing, from cloud computing hacks on video game platforms, to the targeting of more lucrative network and computer crime abuses aiming at invasive private health and financial data.

Original languageEnglish (US)
Title of host publicationProceedings - 2021 IEEE International Symposium on Society and Technology
Subtitle of host publicationTechnological Stewardship and Responsible Innovation, ISTAS 2021
EditorsBrandiff Caron, Ketra A. Schmitt, Zach Pearl, Rozita Dara, Heather A. Love
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781665435802
StatePublished - 2021
Event2021 IEEE International Symposium on Society and Technology, ISTAS 2021 - Virtual, Waterloo, Canada
Duration: Oct 28 2021Oct 31 2021

Publication series

NameInternational Symposium on Technology and Society, Proceedings


Conference2021 IEEE International Symposium on Society and Technology, ISTAS 2021
CityVirtual, Waterloo


  • Anthem Healthcare
  • cloud computing
  • consumers
  • data breach
  • data breach notification
  • Equifax
  • financial records
  • health records
  • regulation
  • sensitive data
  • Sony PSN
  • USA

ASJC Scopus subject areas

  • General Engineering
  • General Social Sciences


Dive into the research topics of 'Cloud computing data breaches: A review of U.S. regulation and data breach notification literature'. Together they form a unique fingerprint.

Cite this