According to the annual Ponemon Institute survey report released March 8, 2011 in 2010, U.S. companies affected by data breaches incurred an average cost of $7.2 million per incident.  (In comparison, in 2009, companies reported an average cost of $6.75 million).  The Ponemon survey identified a number of other interesting trends:

  • Companies are responding to data breaches and notifying individuals more quickly than in years past, but that corresponds to higher costs for companies.
  • There are fewer breaches due to systems failures, lost or stolen devices and third-party mistakes, but more than a third of all breaches involve malicious or criminal attacks. 
  • The drop in breaches from systems failures may be related to increasing efforts on the part of companies to prevent and mitigate breaches through new and increased use of security technologies, such as encryption, and compliance with security policies. Additionally, more organizations are putting Chief Information Security Officers in charge of breach response.

Parallel with industry efforts to respond to data breaches, a number of state legislatures — including Colorado, Hawaii, and Illinois — have been reviewing and considering amendments to their breach notice laws.  We will continue to monitor and provide updates on those developments.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

As part of her practice, she also regularly represents clients in strategic transactions involving personal data and cybersecurity risk. She advises companies from all sectors on compliance with laws governing the handling of health-related data. Libbie is recognized as an Up and Coming lawyer in Chambers USA, Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”