What is the Impact of Privacy Breaches?
Open the news and there is bound to be a tsunami of newly reported privacy and security incidents. This type of news affects the average citizen in different ways. Responses range from outrage to confusion and information overload. We are all impacted by these incidents and the long aftereffects they often create, whether we are impacted individually or indirectly through the organizations we entrust with our information, accepting whatever the computer system provides.
We could write an entire book on the impacts to individuals, and may do so at some point. For brevity, however, we will focus on organizational impacts, as these tend to affect both organizations and individuals.
From an organizational perspective, privacy breach impact falls into a few categories. The list below is not intended to be exhaustive.
User Impact Remediation Costs
System Impact Remediation Costs
Loss of Trust
Brand Erosion
Bad Press
Vendor and Partner Problems
More…
What do all of these items have in common? The simple answer: decreased revenue growth, resource constraints and less profit for organizations.
How do we measure these impacts? Usually in dollars or euros. The GDPR provides a simple framework for such penalties for impacted EU entities.
The GDPR allows the EU's Data Protection Authorities to issue fines of up to €20 million ($24.1 million) or 4% of annual global turnover (whichever is higher). While at first glance this represents a very serious impact, it is only the tip of the iceberg for global organizations, as each country has passed or is in the process of passing legislation that will only increase the overall penalty potential. The US Federal Trade Commission, for example, has levied privacy fines as large as $5 billion.
Now that it is clear what the impacts may be for organizations, the question naturally arises: how can an organization avoid such daunting penalties? Some argue that more cybersecurity is the answer, but the track record over the last decade has been dismal for cybersecurity-based approaches to organizational privacy fine avoidance. Even companies with mature cybersecurity programs struggle to prevent all data breaches.
ZenPrivata believes that pure cybersecurity approaches are doomed to fail, as the complexity of systems, data and networks creates an unmanageable and chaotic state that cannot be managed beyond protocols and standards. We believe in a blended approach that starts with PRIVACY, not security alone.
Learn more about our offerings to assist you in getting your privacy program on the right track. https://www.ZenPrivata.com/solutions or email: Hello@ZenPrivata.com