Thursday, August 29, 2013

Privacy and Security Training

There are several types of harm that emerge from a privacy or security incident: damage to the organization’s reputation; financial harms (costly litigation, large damage awards, and expensive and burdensome notification requirements); lost time and resources; harm to clients, customers, and employees; soured relationships and lost trust; and regulatory consequences. According to a Ponemon Institute study, the average cost of a data security incident is more than $7 million. Agencies such as HHS and the FTC are stepping up enforcement, and penalties can be big. Fines for HIPAA violations can go up to $1.5 million per provision of HIPAA violated, and FTC settlements can require auditing of companies for 20 years!

Training reduces the risk of an incident because many incidents are the product of a human mishap. A review of the thousands of reported privacy and security incidents across many industries has revealed a common theme: a sizeable majority of incidents happen because of a lack of guidance and awareness about privacy and security. An article in the Wall Street Journal aptly said that an organization’s biggest data security risk is “you.” Data security is not just a technical problem but a human problem.
