The Risks
Data can be "classified" into highly sensitive, sensitive and private categories depending on what could occur if disclosed.
| Type of Data | Examples | Risks if Disclosed |
|---|---|---|
| Highly Sensitive: Accessible by explicitly approved authorization; PIRN; Regulated by law and MIT Policy | | |
| Sensitive: Accessible by employees with a business need to know; Regulated by MIT Policy | | |
| Private: Accessible by general public with a need to know | | |
The Financial Costs of a Data Breach
A Ponemon Institute study sponsored by PGP Corporation and released in January 2010 shows that the cost of a data breach continues to increase. This fifth annual survey for 2009 shows a significant spike in legal defense spending while breaches involving third-party organizations remain the most costly.
According to the study, data breach incidents cost US companies $204 per compromised customer record in 2009, compared to $202 in 2008. The average total per-incident cost in 2009 was $6.75 million, up from $6.65 million in 2008.
Factors considered in the study include outlays for detection, escalation, notification and response; investigative and administrative expenses; customer defections, opportunity loss and reputation management; and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
Additional costs that MIT might incur due to a data breach:
- Loss of donor contributions
- Fines by federal, state or other agencies
