Records Mis-Handling and Data Breaches: Cheaper by the Hundred-Millions?

Just a bit more than two years ago, I calculated the penalty of mishandling medical records from more than 67,000 people to be $2.09 apiece. Then this morning, reports arrived saying Target has agreed to settle a class-action lawsuit related to its 2013 data breach for what comes to 25¢ for each of the 40+ million credit cards compromised, and only 9¢ for each of the roughly 110 million affected cardholders.

If the decline indicated by these two datapoints prove out, does it mean that the cost associated with these sorts of lapses in governance is coming to be a simple cost of doing business? And if it does, what affect will that have on our ability to bring greater discipline to the practice?

The sheer number of victims involved in the Target case means the company will, pending federal court approval, establish a $10 million fund to cover the payouts. While this isn’t peanuts, it hardly registers as a percentage of the company’s total revenue of $72.6 billion and represents barely one-half of one percent of Target’s net earnings of $1.97 billion.

So what say you? Are these figures small enough drops in the ocean to be meaningless to corporations? Or is the scope of the problem growing large enough to command the kinds of attention we know governance demands?

About the author: Steve Weissman

Steve Weissman helps you do information right by bringing order and discipline to your governance and process practices. Principal Consultant at Holly Group and Co-Founder of the Information Coalition (now merged with ARMA International), he leverages a proven proprietary methodology to optimize everything from strategic planning and needs assessment to vendor selection and user adoption. He is, in short, The Info Gov Guy™, furthering best-practices for finding, leveraging, and protecting your business-critical information. A member of the AIIM Company of Fellows and holder of numerous industry designations, he can be reached at or 617-383-4655.

Leave a Reply

Your email address will not be published.