The Importance Of Information Privacy and Security In Your Business


Data privacy and security are a big deal. When you’re in possession of a customer’s data – even just their email address – you’re responsible for securing that data at all times. If a customer’s private information is leaked in a data breach, you’ll be on the hook for financial penalties and possibly legal prosecution.

It’s not enough to rely on antivirus software or strong passwords. Complete data security is accomplished through two avenues: information security and information privacy.

What is information security?

This post explains that information security involves business practices used to “protect information and infrastructure from unauthorized access and attacks.” This can include, but isn’t limited to, the following:

·  A strict information security policy (with enforcement)

·  Access control by user

·  Firewalls

·  End-to-end encryption

·  Antivirus software

·  Physical datacenter security

·  Company training

·  And more

Data breaches aren’t always caused by random criminals; they’re often caused by malicious insiders.

What is information privacy?

Information privacy involves maintaining control over an individual’s personal data, like their name, email address, and personal health information (PHI). An example of this would be the way the General Data Protection Regulation (GDPR) requires companies to delete all personal data upon request.

Information privacy is maintained in the following ways:

·  Employing policies that adhere to data privacy regulations

·  Encrypting client data on the server

·  Restricting how, when, and where employees can access and manage client data. For example, not allowing doctors to text their patients and requiring them to use a secure, private software application.

Maintaining information privacy has several overlaps with maintaining data security. However, they are both necessary to provide complete data protection.

What are the consequences of data breaches?

Data breach consequences aren’t light. There are both short- and long-term consequences that can harm your business. For example, you might have to deal with fines, lawsuits, and a tarnished reputation.

According to statistics published by Security Intelligence, 60% of small-to-medium-sized businesses will shut down within six months of a data breach. Larger corporations usually stay in business but still suffer financially.

1. Data breach fines

Depending on which laws are breached and to what extent, fines can range from several thousand dollars to several million dollars. For example, Equifax was fined $575 million in 2017 and Amazon Europe was fined €746,000,000 in 2016, but many GDPR fines range from €2,000 to €5,000.

The courts don’t take your income into account before handing out fines. If the breach is massive, you can expect a massive fine.

Sometimes fines are reversed

Sometimes, but not always, data breach fines are reversed. For example, The University of Texas MD Anderson Cancer Center was ordered to pay $4.3 million in fines for three data breaches that exposed the personal health information of more than 33,000 patients.

However, the Fifth Circuit Court of Appeals reversed that decision. The court held that HIPAA doesn’t mandate “bulletproof protection,” and found that the organization had sufficient security measures in place.

If you adopt strong data security measures and still experience a data breach, you’ll probably get fined. However, you can appeal the court’s decision.

2. Data breach lawsuits

Once you deal with fines, you might face some lawsuits filed by other businesses or consumers whose data were exposed. Most individuals won’t sue after a data breach, but a class action lawsuit is a possibility.

3. A tarnished reputation

Naturally, after a data breach, your business’s reputation is going to suffer. Even if the breach was small, your customers and business partners will start to question your ability to maintain data security.

If your reputation is damaged following a breach, you can expect some customers to be upset and potentially stop doing business with you. As word spreads, you’ll probably lose some sales. 

However, if your brand is popular, you’ll probably recover.

4. Lost revenue/added expenses

After a data breach, you can expect lost revenue. However, it won’t just come from one area. In addition to paying fines and potentially losing lawsuits, online stores will lose sales from downtime.

You can also expect to pay experts to clean up the mess, and if you have salaried employees, you’ll have to keep paying them, even when they don’t have work to complete.

Protect your data with secure systems

If you haven’t already, tighten up your data security efforts by implementing secure systems and policies. For example, use a secure file sharing and storage platform instead of emailing company files.

Also, make sure your information security policies are strictly enforced and verify that you’re in compliance with U.S. data privacy laws.

Finally, encrypt your data end-to-end. You can’t prevent every data breach, but when your data is encrypted, it becomes useless to cybercriminals.
