Why is it important to protect personal information?
The short answer is it will cost your business more money than it will be to safe guarded. In California any business who computerizes data that includes protected personal information, will have to disclose a breach of security of what data was stolen to a resident of California. The breach notice must be made as soon as possible without delay. If the breach involved more than 500 cases a copy of the of the security breach notification needs to be submitted to the California Attorney General. On average a single compromised record will cost the organization $225 in the United States. If you do the math five hundred breaches will cost about $112,500 if the average is $225 per stolen record. However, lets break it down the common monetary and non-monetary costs.
Monetary damages for small businesses include:
- Lawyer Fee’s
- Mandatory forensic examination: Average cost $20,000-$50,000
- Notification to victims:
- Credit and identity monitoring for victims of breach for up to a year
- Setting up call center for victims:
- Liability for fraud charges lawsuits
- Card replacement cost: Yes, card issuers can charge you for this. Average cost $3-$10.
- Upgrading or replacing POS system (depending on what is discovered as cause of breach)
- External Qualified Security Assessor must be brought in to look at new POS system before your business can accept electronic payment and do a complete reassessment for PCI compliance.
Non-Monetary damages for a small business include:
- Reputation damages
- Losing customers
- Bad Press
 2017 Cost of Data Breach Study https://www-01.ibm.com/marketing/iwm/dre/signup?source=urx-15763&S_PKG=ov58441
 Firstdata. Small_Businesses_Cost_of_a_Data_Breach_Article https://www.firstdata.com/downloads/thought-leadership/Small_Businesses_Cost_of_a_Data_Breach_Article.pdf