One of the key examples I use when talking about the importance of data encryption is the value of the data that could potentially be exposed. Is a $900 laptop worth the $1 million or more of liability potential if it’s unencrypted and lost or stolen? It turns out I was wrong – the average settlement is much higher, and that’s a good thing.
There’s a great article over at SC Magazine online that talks about the increase in lawsuits over data breaches. There’s an opportunity for lawyers to capitalize here, and they’re making the most of it, trying to set legal precedent in the U.S. as more and more data breaches occur.
Typically what we hear about when a data breach occurs is the mea culpa of the company followed by what they’re going to do to address the risk to customers. This usually involves paying for one to three years of identity theft protection for those affected. However, this is usually only done by companies being proactive. Many others try to avoid the issue altogether and pretend it didn’t happen. That’s starting to bite them in the behind.
While lawsuits have historically been unsuccessful, there’s more precedent being set, and organizations that don’t protect their data need to pay attention:
“About a year ago, the 11th U.S. Circuit Court of Appeals in Atlanta, in a 2-to-1 decision (PDF), sided in an unprecedented fashion with claimants’ allegations of unjust enrichment in a breach involving Florida health insurer AvMed, from which two unencrypted laptops, containing the personal information of 1.2 million customers, were stolen. Among its decisions, the court held that the premiums AvMed members pay to the company includes an expectation for the protection of personal information.”
As I mentioned, companies that are more proactive in nature when dealing with the aftermath of a data breach tend to face less backlash by being open, honest and transparent while offering to help potential victims.
Those that don’t – and this is the stat that really sticks out here – tend to enter litigation and, more often than not, settle to ‘sweep the matter under the rug.’ The cost of that cleanup, according to the article, can be as much as $7 million.
That’s right, the loss of that simple, unencrypted piece of $900 hardware could cost a company up to $7 million. Adding a piece of encryption software could prevent a $7 million liability.
So the question is: if you’re not encrypting your data today, what’s stopping you?