[This is the second excerpt from my How to Sell Backup to Your CFO whitepaper. Read the first excerpt from the whitepaper here.]
What Are the Industry Consequences of Data Loss?
The cost of data loss varies by industry because dependence on technology and data itself varies by industry. There is also wide variance within a single industry, driven by additional factors such as company size and corporate psychographics (in particular, attitude toward technology adoption).
No breakdown of data loss cost by industry is available; however, in 2000 the Meta Group surveyed various industries and computed the cost of downtime for each. That information is depicted in the table below.
Beyond the immediate financial impact of data loss, other consequences include a loss of customer confidence, corporate liability and the loss of current and future business.
What Are the Regulatory Consequences of Data Loss?
Regulatory compliance describes the goal that corporations and public agencies conform to the laws and regulations relevant to them. CFOs care about regulatory compliance because of the consequences imposed when a company cannot demonstrate compliance. Those consequences range from corporate fines to, in the most egregious cases, the loss of personal freedom for the executives involved.
The applicable regulations vary by locale; the more prominent regulations and frameworks are:
- SOX (Sarbanes-Oxley or Sarbox), a set of regulations which affects all public companies in the United States.
- FACTA (Fair and Accurate Credit Transactions Act), a U.S. federal law mandating that consumers can request a yearly free credit report. It requires secure disposal of consumer information.
- GLBA (Gramm-Leach-Bliley Act), a U.S. federal law requiring financial institutions to protect the security, integrity and confidentiality of consumer financial information.
- FISMA (Federal Information Security Management Act), a U.S. act mandating security programs for all organizations which possess or use federal information systems on behalf of a federal agency.
- HIPAA (Health Insurance Portability and Accountability Act), a set of regulations associated with the U.S. health care industry.
- ITIL (IT Infrastructure Library), a series of books originating in the U.K. that defines a set of best practices for IT service management. Strictly speaking ITIL is a best-practice framework rather than a regulation, but it is frequently cited alongside them.
- DPA (Data Protection Act 1998), which brought U.K. law into line with the European Data Protection Directive of 1995; the DPA governs the holding and processing of data about identifiable living people.