A data breach is a type of privacy incident that happens whenever an unauthorised person could have gotten access to someone else’s personal information. They are the result of failing to protect personal information. We believe that people and organisations need to protect personal information to prevent other people and organisations from suffering real harm. Harm is any damage that the data breach causes.

Why do data breaches cause harm?

Data breaches and other privacy incidents damage organisations’ public reputations, existing relationships, and prospects of getting new business because:

  • they have the potential to expose personal information in a public or semi-public way; and
  • the mere prospect of having your personal information exposed affects how you behave.

For example:

Imagine that you are dancing by yourself in your living room. You would probably be fairly uninhibited, not overly self-conscious, and fairly relaxed. Now imagine that you knew there was a surveillance camera in your living room from which your security company could watch you dance. You would have no way of knowing whether they were actually watching you at any given moment, but there would always be the possibility that they could be. I’m sure you’d dance a little less enthusiastically – that is, if you continued to dance at all.

There is an excellent TED talk where Glenn Greenwald uses the dancing analogy to explain why privacy matters.

In the same way, there is always a possibility that an unauthorised person could have accessed your data subjects’ personal information in a data breach. You may not even have any way of knowing whether or not they have.

How do data breaches cause harm?

Public backlash and data privacy legislation punish the responsible organisation. Data breaches cause harm to the organisations responsible for them by:

  • Eroding confidence from customers – existing customers probably won’t want to carry on doing business with anyone who has failed to protect their personal information;
  • Ruining reputations for new business – new leads or prospects will avoid a vendor or service provider who has a reputation for causing data privacy incidents;
  • Sowing distrust in a workforce – employees are unlikely to trust someone who has caused their personal information to become compromised and may no longer want to work for them;
  • Opening themselves up to disciplinary or corrective action from the Regulator – who will have extensive powers when POPI commences;
  • Making themselves liable for class actions – where an affected portion of the public bands together and sues them; and
  • Requiring themselves to adopt rigorous and expensive information security standards going forward – to prevent more breaches from happening.

What harm have data breaches caused?

A cautionary example of the harm that data breaches can cause is the TJX case from the United States. TJX is a clothing retailer with many brick-and-mortar stores. One Christmas, unauthorised people gained access to the WiFi network in one of the stores and managed to access customer credit card information.

It is clear that incidents like this cause people and organisations real harm.

What can you do about it?

You can:
