BreachExchange mailing list archives

How Data Laws Slap Insecure Companies


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 29 Apr 2010 16:13:20 -0400

http://www.forbes.com/2010/04/27/breach-disclosure-data-technology-security-laws.html?boxes=Homepagechannels

A new study shows just how much data loss disclosure rules punish
firms that have spilled sensitive information.

Breach disclosure laws--the rules that require companies to alert
customers or employees when they've lost control of their private
data--may not always achieve their intention to prevent identity
theft. But a new study suggests the laws bolster protections in a less
direct way: by financially punishing companies that suffer data
security mishaps.

In an analysis of 133 companies in five countries, the privacy-focused
nonprofit Ponemon Institute surveyed executives anonymously on the
financial repercussions of data breaches they had experienced in the
last year. The study found that American companies lost about $6.75
million on average as a result of data spillages, only slightly higher
than the $6.6 million per incident that they experienced in 2009.

Ponemon found a more significant trend: Companies in countries like
the U.S. and Germany, which in most cases require firms to tell the
affected individuals when their personal data has been spilled,
experience far higher losses than companies in countries that allow
breach victims to hide their data security incidents.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
