Archive for July, 2010

 The Massachusetts Data Privacy Act has been in place since March, and companies are learning more and more how important compliance is going to be.  In their online newsletter, Security Privacy and the Law, Foley Hoag LLC reported on results of the Ponemon Institute and PGP Corporation ‘s Global 2009 Annual Study on Cost of a Data Breach (.pdf) [available directly from EncryptionReports].  Ponemon surveyed companies in the U.S., UK, Germany, Australia and France and found that in 2009, the average cost of a data breach was $3.4 million.  That is $142 per customer affected by the breach.

Unfortunately for U.S. businesses, the survey found that data security breaches In the U.S. were more expensive that in other countries, $204 per customer on average.  The survey found that the existence of breach notification laws, such as the 45 state notification laws adopted in the U.S., correspond to substantially increased costs of data breaches.

The survey’s other findings include:

• The most expensive breach remediation cost one U.S. company $31 million, while the least expensive was $750,000.
• 35% of all breaches involved outsourced data provided to third parties, while 36% of breaches were caused by hackers.
• Businesses that have a Chief Information Security Officer (CISO) incurred reduced costs for data breaches, 21% less on average.