Why is it important to protect personal information?
Simply put, failing to safeguard that information will cost your business more than safeguarding it in the first place. In California, any business that computerizes data that includes protected personal information must, in the event of a data breach, disclose what data was stolen to every California resident who was affected. The breach notice must be made as soon as possible, and if the breach involves more than 500 employee cases, a copy of that security breach notification must be submitted to the California Attorney General.[1] On average, a single compromised record can cost an organization in the United States $225.[2] This means that 500 stolen records can cost a business about $112,500 total in damages.
Let’s break down the most common monetary and non-monetary costs that come with not protecting personal information.
Monetary damages for small businesses include:
- Lawyer fees,
- Mandatory forensic examinations (average cost of $20,000-$50,000 per small business),
- Credit and identity monitoring for victims of the data breach (for up to a year),
- High cost of setting up a call center for victims,
- Liability for fraud charges lawsuits,
- Card replacement cost (average cost of $3-$10 per card),
- Upgrading or replacing POS (point-of-sale) systems (depending on the cause of data breach),
- Hiring an external Qualified Security Assessor (QSA), who must be brought in to look at the new POS system before a business can accept electronic payment, and who then does a complete reassessment for PCI compliance.[3]
Non-monetary damages for small businesses include:
- Damages to the credibility and reputation of a small business,
- Loss of current and/or potential customers,
- Loss of payment card privileges, as credit and debit card companies may refuse to do further business with a business that had a data breach,
- Loss of productivity as time is spent fixing issues related to data breaches,
- Theft of confidential information, such as employee or bank information.
1. “California Civil Code s. 1798.29(a).” Law Section, http://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.29.
2. “Cost of a Data Breach Report 2020.” IBM, www.ibm.com/security/digital-assets/cost-data-breach-report/
3. First Data. Small Businesses: The Cost of a Data Breach is Higher Than You Think, First Data, 2014. First Data, https://www.firstdata.com/downloads/thought-leadership/Small_Businesses_Cost_of_a_Data_Breach_Article.pdf. PDF download.