A Massachusetts hospital recently agreed to pay $750,000 to the state as part of a settlement for a data breach that compromised the personal information of 800,000 individuals, proving that when your system is insecure, it’s not only embarrassing, it can be costly too.
And if that doesn’t convince you, how about the $1.5 million fine that Blue Cross Blue Shield of Tennessee had to pay for a 2009 data breach that affected more than a million members?
A recent survey by SailPoint, an identity management software company, found that breaches weren’t just costing money in terms of civil fines; they were also having a negative impact on consumer confidence around online transactions.
- Twenty percent of Americans and 25 percent of Australians and British said they would stop using banking, credit card or retail web sites that had experienced data breaches.
- When asked about moving to Electronic Health Records, 80 percent of Americans, along with 81 percent of British and 83 percent of Australians, expressed concerns about identity theft, their records being exposed on the Internet, access by nosy healthcare workers and employers getting access to medical information.
- Even more surprising was that, when asked, 1 in 5 Americans said they would steal personal data, while a third of Australians and half of British said they would. That is an astonishing number, but it’s not clear just what they would do with that data, although 24 percent of British people surveyed indicated they would sell it for profit — not a result that’s likely to leave.
Given that the survey is by a company that gets paid to protect information, you may want to take these results with a healthy dose of skepticism. At the same time, you have to at least consider that data breaches are going to cost your company money in terms of civil fines and, over time, even more in terms of the hit on your company’s reputation.
If your business is focussed on a web site, this could be even more pronounced because there has to be a level of trust that exists between customers and the web site. They have to know that when they leave personal information, including credit card numbers, the IT pros charged with securing that site are doing everything in their power to avoid a breach.
Sometimes, even when you do your best, it’s not good enough, but you have to be forthright with your customers should disaster strike. And if the survey is to be believed, you also need to do a lot of education in-house to ensure that every employee understands the importance of data security and the privacy of every customer.
If not, you could be caught in an upsetting scandal that has impact across the organization. Better to avoid it altogether if you can and keep your reputation intact.
Photo by Robert Scoble on Flickr. Used under Creative Commons License.