By: jason

jason — Sat, 14 Aug 2010 03:03:34 +0000

I’m not sure if I simply read the article wrong, or if I’m just interpreting it the wrong way. Maybe I’ve just been more of a traditionalist when it comes to business, but isn’t this sort of fine a bit imposing on most companies?

I’ll just throw it right out there that I’ve never been a fan of government meddling in corporate policy. However, I would understand if the fine was simply a way of protecting clients from sloppy handling of data by their contractors.

By: John Mello

John Mello — Thu, 29 Apr 2010 21:29:06 +0000

Hefty fines, if enforced, may, as you note, induce organizations to improve their data protection policies. Fines, though, are not uniformly imposed and their final disposition can take ages to arrive at. A less onerous but more effective way to deal with this problem may be the course chartered by many states in the United States. That is, requiring that data breaches be reported and made public. According to a study released this week by the Ponemon Institute, organizations in countries with breach notification laws paid dearly for each record they lost, compared to those that did not have such a law. In the U.S., for example, the average cost of a lost record was $204, with 66 percent of that attributed to lost business. On the other hand, in the UK, which does not have a notification law, the average was $98 per lost record. A business may be willing to roll the dice on whether or not it will be fined for a data breach, but it will be less inclined to play roulette with its business revenues.

Comments on: You just lost yourselves £500,000 for being reckless

By: jason

By: John Mello