Apologies Are Not Enough When You Get Breached

Apologies Are Not Enough When You Get Breached

A data breach is becoming many company’s worst nightmare. The personal information of your valued customers is leaked, and suddenly you find yourself in the crosshairs of a lot of angry people. Before you know it, all of those formerly happy clients want your head.
In the past, the whole situation might be cleared up with a heartfelt apology, a promise to do better, and an offer of free credit monitoring. Today, that’s no longer the case.  Customers are fed up. The GAO says credit monitoring is pretty worthless. It’s time to take data privacy seriously.

Small businesses might think they are immune. They would be wrong: their customer data is valuable and they are being targeted. Breaches often mean they are soon out of business. But there are some ways to put the odds in your favor. You won’t find a more cost-effective approach than PrivacyPlan.

An Explosion of Data Breaches and Lawsuits

CareFirst (Blue Cross Blue Shield) of Boston announced the theft of 1.1 million healthcare records in 2015. If breached medical records cost companies $380 each a recent Ponemon study indicates, CareFirst may end up losing close to half a billion dollars on this data breach. Right now they are fighting a class action lawsuit and losing. They have recently appealed to the Supreme Court.
Employees of Lincare Holdings, a respiratory therapy supplier, discovered that their personal information was emailed to a third party and have brought suit.

These days, it seems like there’s a new data breach in the news almost every day. People have begun to pay attention, and they’re demanding that companies take better care of their personal information.

The Rise of Class-Action Lawsuits

As the number of data breaches has skyrocketed, consumers and employees alike have begun to get angry. An apology and two years of free credit monitoring aren’t enough. Today, when a company suffers from a data breach, they’re very likely to find themselves embroiled in a class-action lawsuit.
Equifax was breached and then faced 240 consumer lawsuits seeking class-action status. If that wasn’t bad enough, Attorneys General from 50 States demanded information, along with a slew of federal regulators.
When Sonic Corp. announced the theft of upwards of 5 million credit cards, the first lawsuit was filed within 24 hours. People are no longer willing to sit idly by when a company fails to protect their personal information.

While most small businesses need not worry about class actions, shifts in legal ruling mean they are more exposed to data breach lawsuits than ever before. You don’t have to lose a lawsuit to lose a lot of money or customers.

Consumers Want More

What consumers really want is to know that you have not been taking them and their data for granted. If you have taken precautions to protect data and still get breached you have a good story to tell your customers – and a judge or jury if your customers don’t believe you. But if you haven’t effectively protected that data and you get breached, your customer may be out for blood.

A great way to reduce your risk of breach while showing consumers your privacy intent is to get certified. PrivacyPlan can help quickly and cost-effectively.

New Legislation to Protect Consumers

Governments are now taking the matter of data protection into their own hands. In the European Union, the General Data Protection Regulation (GDPR) took effect in May 2018. This affects US companies too if any of their customers reside or make purchases while in the EU. The GDPR also affects any company that does business with data collection and processing companies in the European Union. If you fail to have a Data Protection Officer (DPO) in place to satisfy these regulations, your company faces huge fines.

Protect Your Business

Unfortunately, many companies don’t have a current employee with the knowledge and credentials necessary to be assigned as DPO. That is where our Stand-In Privacy Officer service comes in. We can act as a third party providing DPO services, ensuring that your company is fully compliant with all GDPR regulations. What’s more, we’ll ensure that your customers’ personal information remains secure.

Share this post