October 1, 2013 IT Law Alert

How Much will a Data Breach Cost Your Company? Keeping sensitive data secure can be an overwhelming task. Even more daunting, however, is the cost and potential liability associated with a data breach.

Natural Provisions, a small Vermont grocery store, agreed to pay $30,000 resulting from a 2012 breach of its customers’ credit card information. After learning of the breach from local police, the store waited for over a month to start remedial action of the security vulnerability. They also violated the state’s breach notification law by failing to notify the state attorney general’s office within 45 days.

Natural Provisions agreed to pay civil penalties of $14,938 and to purchase specific security technology costing $15,062. In addition, the store must implement and maintain a comprehensive information security program and will be subject to periodic audit by the state attorney general over the next three to five years.

The total cost of a data breach is often significantly higher than any civil penalties that may be imposed. According to the 2013 Ponemon Institute/Symantec Cost of Data Breach Study Global Analysis, the average cost to a U.S. business for a compromised record is $214.00 and the average total cost of a single data breach incident is $5.4 million. Read the Natural Provisions order here. and the Ponemon Institute/Symantec white paper here.

Contact us at Ossian Law P.C. for help in responding to (or, better yet, avoiding) data breaches or any other information technology law question.

 © 2013 Ossian Law P.C.