what is private data and what is not?

Ben: I agree that fixed format privacy data is more easily protectable when it is not fixed format. This certainly solves the problem of privacy data, but what about company secrets and non-fixed format information. Back to my Apple example I think the impact of leakage of iPhone 2 details could have been as damaging to the apple stock as the leakage of CCN of people on the itunes site. Now the question is "What is iPhone 3" and how does apple protect it?

If you make private data breaches significantly more expensive than protecting that data in the first place, the breaches will pretty much stop.

The way businesses look at this is cost: it costs me X to pay for a breach but 2X to protect from it in the first place. I'll do some superficial things, pay security some lip service, but that'll be about it. If a breach costs a business 10X, then the 2X needed to protect the data in the first place would look attractive.

This is somewhat simplistic but it speaks to the heart of business reality: securing personal data is an overhead function that doesn't produce any profit. Why should the business invest in measures to protect such data when it only ends up costing more money? When a breach costs the business significantly more than preventing it, the business will take steps to prevent it as this then becomes a cost avoidance issue.

Will this stop data breaches? Of course not; they will still occur. But their frequency and severity will drop significantly as businesses and vendors provide solutions to better manage this aspect of the business.

Protecting credit card, social security and bank account numbers is not obvious to you?