Data Breaches: A Matter of When, Not If
Nearly every company routinely handles electronic data containing personally identifiable information. This data can include information about the company's customers, employees, or business partners. Whether a company is actually collecting and sharing the data itself or merely handling and storing data collected by others, the data may fall into the hands of unauthorized third parties -- a data breach.
Is your company aware of data breach notification requirements and prepared to appropriately respond to a data breach?
In the last five years alone, hundreds of substantial data breaches have resulted in the compromise of hundreds of millions of data records containing personally identifiable information. Some of these breaches were a result of human error, such as the misplacement of an employee laptop or smartphone. Other breaches were a result of illegal or malicious activities. The cost to a company for a single data breach can be staggering. For example, one of the largest data breaches in the United States will cost TJX Companies up to $500 million. In TJX’s case, third parties accessed and stole customer credit and debit card data and used it to make unauthorized transactions. TJX settled several class action lawsuits filed by customers, as well as lawsuits filed by financial institutions that had to reissue millions of credit and debit cards. In addition to damage awards in private lawsuits, as in the case of TJX, companies can also be required to pay hefty government-imposed sanctions. Nor can a company ignore the impact a data breach can have on its reputation and on customer confidence and trust.