The management of Blue Cross Blue Shield of Tennessee (BCBST) has discovered the cost of data in-security.  Its 1.5 million dollars for the loss of 57 unencrypted computer hard drives from a facility in Tennessee. This is a costly way to find out that you haven’t got enough or the right type of security to protect the information at the core of your business.  Costly because you will still need to review and implement the safeguards for the data now.

Business needs to readdress the way it values the data that it collects on its clients, patients and employees.  Knowing the contact information of your patients helps you contact them when you need to.  Having additional information can be used for specific things with in the business.  But consider that the information you have to contact  your patients, clients or employees is what I need to steal their identities or to scam them into giving me more information so I can do further damage. 

It is time to look at the data from two viewpoints.  What do I need to have to do the job and what value does that have for someone else?  Does what I collect need a special form of storage or protection? What do I need to do to make it less susceptible to external theft and less available to insider miss use.

When I approach my business from this second point of view I can be better able to avoid the cost of a breach.