Your marketing research company has just suffered a major data breach. Welcome to your worst nightmare scenario. You are (appropriately) concerned about the potential legal damages from lawsuits, not to mention the big bucks you will pay to hire lawyers to defend you.

But all this does not fully factor in the real costs of a data breach – the costs associated with adhering to the data breach notification requirements of the various states, the obligatory payment of a year’s worth or so of identity theft services for all those people whose records were breached, and the necessary hiring of a public relations firm to help you limit the damage to your brand.

The Ponemon Institute, a world-leading privacy and data security think tank and market research firm (where I am a fellow), recently released its annual study on the “true cost” of a data breach. In the United States, the cost of a data breach comes to $217 per record. Think about that. A data breach involving a relatively small number of unique records (say 1,000) still comes to a quite material $217,000.00 to address. And, of course, upping the numbers to a still somewhat more realistic 10,000 records breached pushes the exposure to over $2 million.

This is why it is necessary for marketing research companies to limit their risk of being the subject of a data breach, such as by using appropriate encryption, involving employees in data security efforts, and disposing of data after it is no longer needed.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.