The E-Commerce Times is publishing a series on “The Cost of ID Theft”. Part one of the series is titled “Beyond Dollars and Cents” and examines the cost of ID theft to victims and to businesses. In the end, victims are usually affected by trauma and paperwork, but the real damage is done on the business end.

Absolute Software CEO John Livingston is quoted in the article as noting that consumers can expect to recover 54% of money lose due to identity theft (a number declining), and that businesses can expect to pay an average of $197 per customer record lost. With 127 million records lost in 2007, that is over $25 billion in direct business losses.

In part two of the series, entitled “Fixing the System”, notes that the business cost per incident of ID theft as a result of a data breach have increased from $41,717 to $49,254. While the cost to notify consumers of a data breach have declined, the cost of lost business is more significant than direct cash losses. Customer churn as a result of a data breach is an average of 2.67%.

Failing to encrypt stored data is “one of the most egregious errors” being made by organizations, maintained Randy Abrams, director of technical education at security firm ESET. “Consumer information should always be encrypted. If media is lost or stolen in transit, it is not going to be used for identity theft or anything else if it is encrypted. Similarly, consumer information, student information, taxpayer information and the like must be encrypted anywhere it is stored. The only reason a stolen computer or hard drive can compromise personal information of thousands of people is because of gross incompetence.”

The article notes the growing government reaction to identity theft in the form of state and national regulations. The current regulatory environment can result in conflicting state requirements, which can result in higher costs to companies that span several states. A federal data breach law has yet to be passed, although several have been tabled for consideration.

Tags: identity theft, id theft, costs, data breach, data breach notification, law, legislation, privacy legislation, cost of data breach