Earlier this month I wrote a blog about it being ‘A new year, same mistakes.’ Little did I know that things would continue to snowball with more data breaches – specifically in Canada – happening as a result of unsecured removable media.
I’m not here to chastise the Canadian Government agencies about how they manage data, but the most recent developments of the Canada Student Loan data loss, brings to light the risks associated with not securing data; specifically, the external financial risks of such a loss.
Last week it was announced that two class-action lawsuits are being filed against the Government over the loss of the more than 500,000 student loan records. When I typically present to customers and partners, we talk about the risks of data loss and theft and regularly explain that it’s more than just the cost of the device and the information contained there’s much more at risk when data isn’t properly protected.
These class action lawsuits are a prime example. Right now a removable hard drive, that could cost as little at $50 to replace, went missing. The loss of that device now will include the cost of an internal government investigation, a RCMP investigation, time spent to reach out to all affected people and more. That’s just the immediate cost to the Government. This doesn’t count the damage to the reputation of the Human Resources and Skills Development Canada and now two separate lawsuits that the Government will likely incur legal costs for and potential damage claims as a result.
The fallout could cost the Government a few thousand dollars or a few million depending on how things turn out. This is all happening because one hard drive was lost and the data wasn’t encrypted. If the data were encrypted, the government could say that despite the loss, the data remained secure and there is no risk to the public.
We’ve talked about the total cost of data encryption constantly over the past year and we’ve worked to demonstrate the main businesses costs associated with it. The toughest part to quantify is the outside costs associated with data breaches. These can increase exponentially depending on the information lost and the scope of that information. In this instance, ultimately, the taxpayer will end up footing the bill for the mistake.
However, if you’re a business and this were to happen to you, could you afford to deal with the fallout? The question businesses – and any organization that manages this kind of data – need to consider is whether or not it’s worth the risk of not encrypting and securing data. In every case, the answer should be no.
I’ve said it before and I’ll say it again, the costs that could be incurred as a result of a data breach far outweigh the cost to deploy a data encryption and security solution.