In a world where companies cease striving “to not be evil” – it’s always good to put a dollar figure to everything. Feel free to convert to Euros, Sterling, Francs, and seashells, if you like.
Let’s take a quick look at some of those fines and penalties.
Violations of the EU’s General Data Protection Regulation (GDPR) can result in fines of up to €20 million or 4% of annual global revenue, whichever is highest. Two examples of many – Google incurred €50 million in fines; Marriot €20.4 million.
In 2020, Premera Blue Cross was fined $6.85 million by HIPAA for a data breach involving the records of 10,466,692 individuals.
The Payment Card Industry can impose fines on non-PCI compliant merchants of up to $500,000 per incident for security breaches. Costs of notifying customers of breaches plus costs of recovery can push costs much higher though. It cost Equifax at least $575 million, and Target at least $292 million.
Then there’s the ransomware attacks – where CNA Financial paid $40 million. It makes all of the attention on Colonial’s $4.4 million payout seem trivial, if not for making national news and forcing responses in Whitehouse press conferences… and threatening gas supplies to entirety of the US eastern seaboard.