From blame to accountability
: evaluating responsibility-taking language and class-action lawsuits in data breach crises through stakeholder theory

  • Maximilian Antonio Braun (Student)

Student thesis: Master's Thesis

Abstract

Organizations today operate in a landscape of heightened stakeholder scrutiny and regulatory complexity. Crises compel organizations to demonstrate accountability, with responsibility-taking narratives playing a critical role in rebuilding trust. This thesis investigates how evolving regulatory frameworks, such as the California Consumer Privacy Act (CCPA), shape organizational responsibility narratives and influence stakeholder-imposed punitive actions, thereby offering empirical evidence for how organizations depend on their consumers. Leveraging an empirical quantitative analysis, this study analyzes pre- and post-CCPA data breach notifications from the California Attorney General’s database and class-action lawsuit records from ClassAction.org. Linguistic analysis quantifies responsibility-taking and deflective language in breach notifications, while a Difference in Differences methodology evaluates regulatory impact. The relationship between crisis severity and class-action lawsuits is examined through matched data from the two databases, exploring the interplay of narratives and legal outcomes. Results show a significant increase in responsibility-taking language and a decrease in deflective communication post-CCPA. However, breaches involving highly sensitive data reduced responsibility-taking narratives, highlighting the moderating role of severity. Despite these shifts, no consistent evidence was found that responsibility-taking alone reduced the likelihood of lawsuits or that severity had a clear moderating role. This study reveals how regulatory frameworks influence corporate crisis communication, shaping responsibility-taking narratives. While these narratives support trust rebuilding and mitigate reputational damage, their effectiveness in reducing punitive actions remains inconsistent. The findings emphasize the need for organizations to adopt context-specific strategies, integrating narrative adjustments with comprehensive crisis management to meet stakeholder expectations and address legal risks effectively.
Date of Award11 Feb 2025
Original languageEnglish
Awarding Institution
  • Universidade Católica Portuguesa
SupervisorEkin Ilseven (Supervisor)

Keywords

  • Responsibility narrative
  • Crisis communication
  • Stakeholder trust
  • CCPA
  • Data breach

Designation

  • Mestrado em Gestão e Administração de Empresas

Cite this

UN SDGs

This student thesis contributes to the following UN Sustainable Development Goals (SDGs)

  • SDG 9 - Industry, Innovation, and Infrastructure
  • SDG 12 - Responsible Consumption and Production
  • SDG 16 - Peace, Justice and Strong Institutions

Links

'