What was the cost of that data breach?

Saturday, 14 April 2007
For those of you out there who own a paddling/guide school, you collect lots of personal information including registrations, waiver/medical forms, payment information, etc. That information really adds up.

In the old days when everything was done on paper and stored in big unorganized filing cabinets, it was difficult for it to fall into the wrong hands. Outside of a break-in, it was fairly safe. Now that almost everything we do is in some form or another electronic, it is much easier to have your clients' data lost or stolen. It could be as complex as a server hack or as simple as you leaving your laptop at the local Starbucks. It happens all the time. I recently had a conversation about it with my local coffee slinger...

It seems fairly obvious, but this stuff can be valuable to somebody who might want it. Have you stopped to think of how much it could cost your company if you had a data breach? I know you are thinking, "I own a really small business and I only teach a small number of clients a year. It would cost me nothing." You're wrong.

An insurance company has come up with a calculator that lets companies estimate their financial risk from data theft. Darwin Professional Underwriters analyzed data from media reports and other sources to come up with algorithms for the calculator.

According to the calculator, it could cost you an average of $166,272 if you only lose 1,000 records. A good chunk of it is eaten up in what they call "Call Center Notification" ($12,720), but take that out and you are still left to pay $7,000 in lawyer fees and $57,840 for credit monitoring for affected customers. Remember, that is only for 1,000 people!

Take stock of how many records are in your database. You need to be careful.

How can we be more careful? First, you need to come up with an internal plan to keep your clients' data safe. Don't post stuff on your server that is sensitive unless it is triple secure. Develop policies and train your staff on the importance of client data security and confidentiality. Keep access to these records to a minimum number of staff. Hire a lawyer or consulting company to review your policies and procedures and help determine any gaps. It is way cheaper in the long run.

Finally, stop thinking of yourself as a small-time mom and pop shop. You might not be as big as Microsoft, but the data you carry around is just as important. With data collection and retention laws today so strong, don't bet your business on a data loss. Guaranteed, you will lose.
David Johnston

David Johnston has been introducing people to the sport of sea kayaking for the past 15 years. He is a senior instructor trainer with Paddle Canada and teaches for several paddling schools in Ontario, Canada.