A recent study by researchers at the Heinz School of Public Policy at Carnegie Mellon University questions whether data breach notification laws are effective in reducing identity theft. According to a research paper on the issue, identity theft accounted for losses of $56 billion in 2005, with 30% of those thefts resulting from data breaches. More than 40 states have passed laws calling for consumer notification in the event of a known breach to combat the problem, but the research concludes that “data breach disclosure laws reduce identify thefts by 5 for every 10 million people,” a number it describes as “not statistically significant.” While the paper also notes that such laws may account for a reduced magnitude of losses, or increased security vigilance by business, it does strongly suggest that the wave of data breach notifications laws are far from a silver bullet. We can expect hacked servers and stolen laptops to pose a risk for businesses and consumers for some time to come.