Networking

02:43 PM
Connect Directly
RSS
E-Mail
50%
50%

The Small Penalty For Big Data Breaches

Confidential customer information is precious but many large public companies that have experienced data breaches in recent months pay only a small price in fines and the impact on their

Confidential customer information is precious but many large public companies that have experienced data breaches in recent months pay only a small price in fines and the impact on their financial performance for failing to protect this data.

"Paying a couple million [dollars] in a fine to the Federal Trade Commission and another couple million to send notices out [to victims] is nothing," says Christine Varney, head of the Internet practice group at Washington, D.C. law firm Hogan & Hartson. "It's irrelevant. It's a cost of doing business."

Varney, who served as a Federal Trade Commissioner for five years in the 1990s, says she has defended or counseled many companies that have mistakenly disclosed personal data like Social Security numbers, bank account numbers and driver's license numbers. She spoke last month at the Identity Mashup conference at Harvard Law School in Cambridge, Mass. Varney does not believe that data breach notifications mean much to victims because the companies that hold the data do not bear financial responsibility for disclosing it. "Do I think the vast majority of Fortune 1,000 consumer-facing companies take it very seriously? Absolutely not. They are the people in my office after they get caught," Varney says.

Varney says the companies give "no thought to the value that they need to place on the security of data they hold."

Their mistakes certainly haven't made a dent in their earnings, at least according to financial statements filed by three public companies that have committed data breaches. Business is booming for shoe retailer DSW Inc., of Columbus, Ohio, which allowed hackers to gain access to credit card, debit card, and checking account information of more than 1.4 million customers in the March 2005. The company has since settled with the FTC, but in its quarterly report filed April 13, DSW had this to say: "Although difficult to quantify, since the announcement of the theft the company has not discerned any material negative effect on sales trends it believes is attributable to the theft." In fact, sales and profits are up. DSW's net income was $37.2 million on net sales of $1.1 billion for fiscal year 2005, which ended January 28, 2006. That compares with net income of $35.0 million on net sales of $961.1 million for the same period of the previous year. The 2005 results included a charge of $6.5 million for losses associated with the data theft.

Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Audio Interviews
Archived Audio Interviews
This radio show will provide listeners with guidance from Dell Storage experts, who can help you explore ways to simplify workload management while achieving a balance of price and performance.
Slideshows
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Twitter Feed
Cartoon