Putting a price on privacy risk
Nov. 14, 2018
Gloomy statistics and stories of well-known corporations losing customer and vendor personal information to large-scale data breaches fill the news on a near-daily basis. The frequency of data breaches has increased to an unprecedented rate, and the cost continues to rise each year. A study by the Ponemon Institute reports the average cost of a data breach is up 6.4 percent since 2017, to a whopping $3.86 million.
While there is significant press surrounding the fines organizations must pay for breaches and violations, the other, less apparent and often difficult-to-quantify costs can be much greater, farther-reaching and longer-lasting. These may include reputational damage, loss of stock value, loss of current and future customers, class action lawsuits and remediation expenses from breaches, such as notification costs or credit report monitoring for affected customers.
Many of these costs can, however, be avoided. Investing time and resources to build a comprehensive privacy program can pay dividends. The more organizations prepare, the better positioned they can be to steer clear of fines, negative press and other organizational challenges.
What your organization can do now
The costs of data privacy risks are daunting. With a proactive approach, a concerted upfront investment and the development of a strategic privacy program, organizations will be prepared to prevent data privacy incidents and ensure compliance with privacy regulations.
Regardless of industry, all organizations that process personal data should address the following:
- Review applicable regulations: Evaluate the organization’s industry and data footprint to determine which regulations apply. Some regulations, such as the GDPR, may apply to the organization even if there is no physical presence in the EU.
- Maintain accurate records: Document the data processing activities the organization is engaged in. In the event of a violation, any penalties the organization faces may be lessened if it can demonstrate the steps taken toward compliance.
- Invest strategically in a data privacy program: Prioritize data privacy activities that are easiest to implement and address areas of greatest weakness. Conduct a cost/benefit analysis to evaluate the risks the organization faces and determine the best use of resources.