The cost of privacy breaches

In his talk at Catalyst today technology lawyer Scott Blackmer listed sixteen privacy breaches that have happened since February 2005 and then talked about the impact that these incidents have on business. 

• $2.4 billion was stolen remotely (over the Net) from US bank accounts in 2004, but only $75 million in actual "in-person" bank robberies. 
  
• Six million individuals received some kind of notice that their information had been stolen in in Feb through May of 2005.  This doesn't include the CardSystems data.
  
•  A survey by Cyber Security Industry Alliance found that 48% of people avoid eCommerce due to fear of ID theft.
• A Harris-Westin survey last month found that
  

• 87% of people are aware of breaches
• 20% say they are ID theft victims
• 59% say current laws and practices are inadequate

The Wall Street Journal reports an enduring 1-3% decline in a company's stock price following the disclosure of a breach. 

Scott mentioned the proposed Leahy-Specter bill and a host of state laws that attempt to alleviate these problems.  The concern is that this patchwork quilt of requirements will just increase regulatory burden without really increasing the security of personally identifying information. Of special note was the new Michigan law on protecting SSNs.