Press Releases

NYU Stern Professors Available for Comment on Epsilon Data Breach

The researchers suggest that data governance is the next C-suite reputation management issue.
Two NYU Stern professors, Vasant Dhar and Arun Sundararajan, call the fallout of the Epsilon data breach in which hackers stole millions of names and email addresses of bank and retailer customers a “failure in management,” not a failure in security technology, and a “wake-up call” for chief executives.

Both researchers, who explore how information technology transforms markets and corporate strategy, with expertise in privacy, business intelligence and digital business models, argue:

  • Technology and regulation won’t fix an Epsilon problem. Firms must proactively take control of managing their consumer data to outpace the constant stream of new privacy risk created by technological innovation.
  • In today’s increasingly digital world, forward-looking CEOs who manage data risk as they do financial or operational risk will maintain customer trust, manage their firm’s reputation and gain a competitive advantage compared to companies with looser data restrictions.
  • Data use should be based on intent. Firms should think about what "rights" consumers are intentionally granting the firm when they share data, and should use this customer intention as a basis for deciding how to act on the data.

“It took a global financial crisis to get the public to pay attention to systemic financial risk. Now, think about everything Google knows about customers. Think about what banks know based on credit card transactions. Think about what Facebook knows based on browsing, messaging and commenting behavior. Will it take a massive data breach at a Google or Facebook to make data governance a priority for CEOs?” they ask.

Professors Sundararajan and Dhar are available for interviews. Please contact Jessica Neville, 514-840-3830,, in NYU Stern’s Office of Public Affairs to arrange an interview.