Wednesday, June 29, 2005

The cost of privacy incidents -- costs avoided by effective data governance

Bank Systems & Technology is running an article that discusses the cost of privacy breaches. Notification can cost $25-30 per customer, plus another $25 per customer for credit monitoring. Class action lawsuits, even if won, cost millions. The cost to reputation is impossible to calculate and can be devastating to a company.

Effective data governance is the key to avoiding these problems in the first place, and strong, proactive responses to incidents are the way to mitigate these losses.

The article is online here:

Bank Systems & Technology: Lost Data Tapes Likely To Be Costly for Citi:

"Lost Data Tapes Likely To Be Costly for Citi

...

Costly Mistake

As it stands, however, the incident will cost Citigroup significant money to remedy, starting with the need to assuage affected customers. "The average cost of notifying a customer of a breach is anywhere from $30 to $50 per customer. Then, the monitoring of credit records is an additional $25," relates Maureen Kelly, director of product marketing for security technology firm Vontu (San Francisco).

Citi - and other banks - could go even further toward making the customer feel safe - and that's not a bad idea, notes Vytas Kisielius, president of communications solutions provider Adeptra (Norwalk, Conn.). Kisielius compares the current public relations opportunity to Johnson & Johnson's handling of the Tylenol poisonings in 1982. When consumers no longer trusted its product, J&J responded with tamper-resistant packaging. "They made their customers feel completely safe and secure in their relationship that they had with the company," says Kisielius.

But the cost of reaching out to customers can pale in comparison to the legal costs involved with responding to class-action lawsuits. "You're talking six figures to read the complaint, seven figures before you get to a court," asserts Kevin Kalinich, national managing director for technology and professional risks, of Aon's (Chicago) Technology and Telecommunications Group. Aon offers extensions of "errors and omissions" insurance that cover both indemnification and defense costs of third-party claims or losses due to litigation.

The litigation expenses would kick in even if the defendant has a solid defense. "It'd be very hard for anyone to prevail on a lawsuit, unless they could prove actual harm and they could show it traces back to this security breach," notes Fred H. Cate, director of the Indiana University Center for Applied Cybersecurity Research.

But, "The greatest single cost is in the press disclosure," continues Cate. "Do people think less of Citibank, or, if you're a Citibank customer, are you going to be more likely to move [to another bank] now?"
