It’s 2019, and data breaches are becoming increasingly common, and more expensive to remediate, every year. IBM just released its annual findings, which state that the average cost of a data breach is $3.9 million USD, and the average cost per record lost is $150 USD per person.
In terms of your time, the report suggests it takes 279 days to identify and contain a breach, and 314 days is the life cycle of a malicious attack from breach to containment.
It is now being armed with these alarming numbers that you can evaluate what the cost of a data breach might be for your organization, in terms of time and money. With these estimates in mind, it’s also worth evaluating the benefit of collecting personal information, in comparison with the liability.
For most organizations, unless you have IT security experts, privacy experts, and compliance experts on staff, and even then, the liability risk may not outweigh the benefits of managing personal information.
One way of resolving this, is outsourcing the compliance and data management to a third party whose expertise is this — allowing you to focus on your line of business — what you do best, and not trying to be data protection experts at the same time.
The way we’re handling this as a service offering is novel. We can work with your team to ensure your compliance needs are met, while fully masking the identity of your users. This gives you an edge up on your competition in terms of a market differentiator. You can state that because you don’t have the personal information of your customers, you don’t actually care if/when a privacy breach happens as a business — and your customers need not to worry either.
Imagine next month you discover you have a data breach at your organization — and you now have to notify your users, as well as the the various privacy regulators of the the breach:
1) No personal information of our customers was compromised, as we don’t even collect it.
2) We have been compromised, and will begin the lengthy and expensive process of determining the extent of the breach, how much of your personal information was exposed, and once that is determined, will notify you of what we need to do to resolve it.
Obviously the preference, and most responsible response would be #1. This may not be obvious to you on how we can offer this in a secure way that your customers don’t need to trust us either, only themselves, and I’d be glad to answer any questions you have on how we can resolve this for you.