Data Breaches Are Expensive and They Are About to Get Worse with CCPA
A new decade of technological advancement is upon us. As digital transformation continues to provide many benefits and opportunities to both brands and consumers, cybersecurity issues have turned data management into a very sensitive topic. Legislation such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) has been passed to protect consumers. However, compliance with these acts will end up as the responsibility of business owners.
Data Breaches on the Rise
As your business grows, so do your security needs.
In recent years, data-related hacks, attacks, and other types of breaches have been growing in number. Falling victim to a data breach can have several consequences. Besides the possibility of incurring hefty fines, you may damage your brand’s image and reputation in the process.
Let’s take the case of Quest Diagnostics.
The clinical laboratory announced that an unauthorized user had acquired total access to their patient database. The hacker was able to obtain the medical and financial records of nearly 11.9 million patients, exposing social security numbers, credit card PINs, and bank account numbers. The American Medical Collection Agency (AMCA), the debt collector which handled the company’s data, lost four big business partners and eventually filed for bankruptcy.
Equifax’s breach is another interesting case.
In 2017, Equifax discovered that cybercriminals had hacked into their databases and accessed the private information of over 143 million Americans, including detailed credit card information of more than 200,000 people. The hackers broke through many “security” barriers, including getting access to usernames and passwords stored in plain text, as well as guessing a commonly used password.
Although Equifax technically didn’t incur any fines because of their actions, the company will end up spending over $1.4 billion on “cleanup costs and data security improvements.” On top of that, many members of their C-suite were replaced. The Chief Information Officer of Equifax U.S. Information Solutions was jailed for insider trading, and Moody’s has since officially downgraded their financial rating. More importantly, Equifax reached a record-breaking settlement with the Federal Trade Commission to spend at least $1.38 billion to resolve consumer claims associated with the breach.
These cases are only the beginning. The consequences of a data breach are about to get even more expensive.
CCPA Will Fine Companies for Data Breaches
CCPA applies to businesses that collect consumers’ personal information and do business in California. If a company has gross annual revenue of over $25M, handles information of 50,000 or more consumers, or acquires 50% or more of its annual revenue from selling consumer personal information, it must comply with the regulations of this bill.
Fines will depend on whether your violation was intentional or unintentional.
- Unintentional violation – Maximum fine of $2,500 per violation.
- Intentional violation – Maximum fine of $7,500 per violation.
Note that the precise details of what constitutes “per violation” are currently unknown – further clarification by the Attorney General will be provided. With that in mind, fines starting at tens of millions of dollars are expected for larger and mega breaches.
Furthermore, CCPA allows individuals to recover between $100 and $750 in statutory damages. This means that after dealing with regulating bodies, your company is still at risk of being sued by the affected individuals. With 14 other states passing similar data privacy laws, companies will be battling legislation from all corners of the country.
In comparison, EU authorities announced that they are collecting a total of €372 million from fines they have imposed since GDPR went into effect in May 2018. CCPA may distribute even more penalties than GDPR, given the strong litigation culture in the United States.
Avoiding Data Breaches
There’s no better time to act than now. Several data management violations have already incurred costly penalties, and the trend suggests that these fines will continue to grow.
Since 81% of breaches happen due to a compromised password, the best way around passwords’ inherent risk is to get rid of them. The most secure and convenient authentication method is biometrics. Some benefits include:
- Effortless and intuitive.
- No need to memorize a password or have your phone with you all the time.
- More secure than 2FA and MFA since your biometrics are unique to you.
- Biometrics authenticate the user, not whoever knows your password or has your phone.
ImageWare offers a vast range of biometric solutions including voice, facial, palm, and fingerprint – to name a few. We have turnkey solutions like GoVerifyID that can be implemented in less than an hour as well as SDKs, in case you require a more tailored solution.
With CCPA, preventing breaches is more economical than incurring fines. The penalties for non-compliance will be astronomical, and the non-monetary consequences can damage your business indefinitely.