Privacy Data Breach Prevention in the Workplace

 
 


 
OVERVIEW
 
All businesses are vulnerable to Privacy Data Breaches and Identity Theft Lawsuits. If a Privacy Breach occurs, your organization could face:

Data Breach Notification Costs:

  • For example - $197.00 for each person notified:
    Cost for just 1000 customers = $197,000.00 ! 
     
  •  TJX = $256 Million! (and counting)
  • As of October, 2007, the Veterans Administration had spent more than $20 million to respond to its latest data breach, the breach potentially puts the identities of nearly a million VA patients and their physicians at risk.

PR Nightmares

Substantial Jury Awards:

  • Bell v. Michigan Council = $275,000
  • Equifax = $351,000
  • CS Stars = $60,000

Fines & Penalties:    

  • FTC = Imposing fines of $2,000 (for each identity breached)
  • Choice Point = $15 Million (and counting)
  • American United Mortgage Company = $50,000 for unsecured documents
    in dumpster

Forced Independent 3rd-Party Data Security Audits:

  • BJ’s Warehouse (biennially for 20 years)
  • Designer Shoe Warehouse (biennially for 20 years)


As much as 70% of all privacy data breaches originate in the Workplace. Identity theives target businesses - your business - because that's where personal identity information is often most neglected - and least protected!
 

While some publicized incidents have resulted from attacks on electronic information systems, the overwhelming number of privacy incidents stem from the unauthorized access and neglect of paper records such as employment applications, credit requests, student, client, patient and customer files, and other physical forms of data.

Privacy data breaches cost businesses over $53 billion annually, and major incidents have occurred in the education, retail, government, pharmaceutical, manufacturing, healthcare, banking, credit, telecommunication sectors, just to name a few.



* In a recent data security survey of over 700 people:   

  • 62 % had received notice that their personal identity information had been lost;
  • 84% of those recipients had reported increased anxiety due to the data loss event; and     
  • Over 60% said that they would be more upset with a company if their information had been lost as a result of carelessness rather than because of theft.- Compliance and Privacy.Com, June 2007


See the Statistics Page

For example, although HIPAA provides protections which shield patients’ health information, HIPAA does nothing to protect the identity information of the EMPLOYEES, VENDORS, and CONTRACTORS working at that medical facility.

See Legal Risks & Laws Page

Where Is An Organization Vulnerable?


  • Employment records
  • Customer records
  • Student files
  • Client files
  • Patient files
  • Records cabinets
  • Data entry
  • Personnel computers
  • E-mail
  • Office equipment - copiers / faxes, etc.
  • Laptops / Thumb drives, etc.
  • Garbage bins


 * See our Breach of the Week page


How Is An Organization At Risk?


 

  • Absence of Prevention Best Practices and Procedures
  • Unauthorized PII Access by Temp Employees; 3rd Party Contractors (cleaning crews, Vendors (deliveries, etc.)
  • No policies and/or ineffective, outdated policies
  • Lack of staff awareness, sensitivity
  • Lack of Compliance Enforcement


Your Organization is Responsible Now!

Practically all states have enacted laws holding businesses liable in the event of a careless breach. In California, for example, the law requires all companies doing business that own or possess Personal Identity Information (PII) must have a prevention plan in place to properly protect this vital data - Civil Code §1798.81.5  (And Massachussetts' new Data Security Regulations become effective January 1, 2009).

These new laws are in addition to Breach Notification Laws, as well as substantial penalties and fines which are already being enforced by the FTC - ($2,000 per identity that is wrongfully accessed).

All of these efforts are being enacted to compel businesses and organizations to take reasonable measures to reduce the risks of Workplace Identity Theft and properly respond in the event of a breach.

Taking action now is just smart business.


That's where the Certified Privacy Professionals at JMC Privacy Consulting Group come in.

With the help of JMC's Privacy Experts, you can tell your employees, customers, clients, students, business partners, stakeholders, law enforcement, the media, that you have taken all reasonable prevention steps to eliminate the risk of privacy data breaches. And should a breach happen, you can describe how pro-active your company was in trying to prevent the breach, and you will be ready to respond quickly, with confidence and clarity.


JMC's Privacy Professionals are committed to helping your organization reduce the risks of privacy data breaches that lead to identity theft. We stand ready to help you enhance your privacy data risk management policies and best practices.


Please see our About Us / Bios page

 
Member:
    

 
 
JMC Privacy Consulting Group
Data Privacy Professionals

Protecting Identities . . .
. . . One Business at a Time


JMC Privacy Consulting Group
3835 R E. Thousand Oaks Boulevard
Suite 119
Westlake Village, California 91362
805-230-2545
info@jmcconsultinggroup.com

Back to Home Page
 

Professional Web Site Powered by Bold Business Tools