A Data Breach may be deliberate or unintentional, but the effects are equally damaging. It refers to the release of sensitive, regulated, or confidential information to an unauthorized individual.
Data breaches can arise as a result of theft or loss of computer tapes, hard drives, or laptops containing information that is stored unencrypted or posted online without appropriate information security protocols.
Especially sensitive information may include:
- Financial information such as credit card or bank details
- Personal health information
- Personally identifiable information
- Intellectual property trade secrets
Data breaches are serious matters, and a number of industry guidelines and government regulations exist to help minimize the risk. For example, the Health Insurance Portability and Accountability Act (HIPAA) controls who may see and use personal health information such as name, date of birth, Social Security number and health history.
If an organization experiences a data breach that results in identity theft or violates certain government or industry compliance regulations, that company could be faced with fines, civil or criminal prosecution — not to mention the loss of consumer trust.