Many firms are vulnerable to data privacy compliance infractions in their Records Information Management (RIM) practices. The impact of non-compliance can mean stiff penalties and damage to your reputation.
A benchmark study of breaches at 51 organizations found that the average cost of a data breach in 2010 was $214 per record, making it the fifth year in a row that such costs have risen, according to the California Office of Privacy Protection. The study found that direct costs, such as printing, postage and legal fees, accounted for 34 percent of the total cost. Indirect costs, primarily lost customers, represented 66 percent. The study also found that, for the first time, malicious or criminal attacks, which accounted for nearly a third of the incidents, were the most costly: such breaches cost an average of $318 per record.

The impact of a data breach on reputation can also be significant. In a 2011 study, senior-level managers estimated that the loss or theft of confidential customer information diminished the value of their brand by an average of 21 percent, and that restoring the damaged reputation took an average of a year.
The U.S. federal government and most state governments now require organizations to have strict security mechanisms in place to protect consumer personal information. Failure to do so can often result in costly penalties. Leading the way in 2002, the state of California enacted Senate Bill 1386, which sets strict consumer protection rules for companies that do business in that state. Many other states have since enacted similar laws.
PCI Data Security
The Payment Card Industry (PCI) has developed a data security standard for protecting cardholder information (e.g. credit card numbers). This standard encompasses a wide array of recommended security mechanisms, including firewalls, password policies, encryption and key management.
Title II of HIPAA, the Administrative Simplification (AS) provisions, establishes national standards for addressing the security and privacy of health data. It establishes regulations for the use and disclosure of any information concerning health status, provision of health care, or payment for health care that can be linked to an individual.
The Sarbanes-Oxley legislation is wide-ranging and establishes new or enhanced standards for all U.S. public companies and public accounting firms. As a result of this legislation, IT departments must put strict controls and mechanisms in place to provide for the security, accuracy and reliability of the systems that manage and report financial data.
The Gramm-Leach-Bliley Act, or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. The GLB Act is administered and enforced by state and federal agencies. Under the GLB Act, financial institutions must show proof of their efforts to protect their customers' financial information.
Allow 2Shred & 2FileIt to help you with your document management needs.
Document management, the capture, storage and retrieval of documents, can have a major impact on your organization. With or without a document management solution, your organization already captures, stores and retrieves documents every day. For many organizations, this process is amazingly time consuming and too often ignored.