Sony's hellish hack

Company faces consumer complaints, government scrutiny for data security breach.

See the Online Exclusive, "Other Breaches."

Risky Business

According to the Privacy Rights Clearinghouse, a non-profit consumer education organization, businesses and governmental and educational entities have reported more than 2,500 data breaches involving nearly 600 million records since 2005. The Open Security Foundation, a non-profit organization that provides information about data security risks, says that organizations  have reported 210 breaches so far this year. And according to the Federal Trade Commission (FTC), nearly 9 million Americans are victims of identity theft every year.

Reporting Rules

The rules for reporting data breaches vary across the country. In sum, 46 states and Washington, D.C., have disclosure laws that require organizations those whose personal data was compromised as soon as reasonably possible. (Only Alabama, Kentucky, New Mexico and South Dakota currently do not have notification requirements.) Organizations must report breaches to affected individuals according to the disclosure laws of the state in which the individual resides, which can be complicated.

Calculating Costs

The cost of a data breach is multifaceted and can be difficult to estimate. It depends on the extent of the breach and  the type of information exposed. Many data security experts say companies pay $200 on average per record lost.

Ashley Post

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.