In a prior column, we discussed the inevitability of technology-related accidents occurring at virtually every company. One particularly common mishap is the loss of customer, client or employee data. These data breaches may present a substantial problem for organizations, as the number of discrete records lost often runs into the hundreds, thousands or millions. Even if there is no evidence of actual misuse of the lost data, the costs to provide legally required notice, together with the potential cost of mitigation efforts such as providing credit monitoring, quickly mount. If the breach is sufficiently serious to interest regulators such as the Federal Trade Commission or a state’s attorney general, then costs associated with investigation, defense and, potentially, future mandatory compliance and fines further add to the data loss burden.
Many people think of data loss as the work of hackers, offshore data thieves and other external threats. But, as Pogo once said, “We have met the enemy, and he is us.” The vast majority of data loss events are inadvertent, or sometimes intentional, “inside jobs.” If your organization experiences data loss, it will most likely be an employee, not an external actor, who caused the loss.