Going rate for personal data?

What are your personal details worth? I'm sure most of us would like to think they are priceless, but we have all seen reports of people who were happy to give away their personal information to a stranger doing a survey for the price of a cup of coffee or similar.

Without moving around the murky world of "1000 credit card numbers for a few quid" it's difficult to know. Until now. I can reveal that your details are worth 0.3p.

You may recall the Sony PlayStation hack in 2011.
Well, the ICO decided that for "one of the most serious breaches he has ever dealt with" a £250,000 fine is ..... well, fine. That's for 77 million records. 0.3p each. *
To be fair, the ICO has a limit on its maximum fine - but that is £500,000, so we clearly have discovered the fair market price here.

And Sony is planning to appeal because "there was no evidence that encrypted payment card details were accessed". So that's alright then - only my credit card details are worth 0.3p - my name, address, birthdate, password and inside leg measurement are worth nothing.

So really, for any business with a large number of users there's a simple bottom-line calculation to do. How much will it cost me in technical infrastructure, software, services and staff to fully secure the data (and have processes to keep testing that it is secure)? Answer - a lot, lot more than £250K for someone like Sony.
Did Sony lose business because of the damage to their reputation? My kids' bedrooms say no.

* or 0.25p if Sony pays up straight away and gets the 20% early bird discount.
Perhaps the ICO will start offering BOGOF deals to serial offenders. :-(