Study: Customers don't want data handled outside

A customer will likely forgive a company once if a data security breach occurs and some of that customer's personal information is put at risk. But if the breach comes at the hands of a third-party vendor working for the original company, customers are likely to be less forgiving and will bolt to another firm for their products and services.

Those are some of the conclusions from a 17-page report, the "2006 Cost of Data Breach Study," released Monday by the Ponemon Institute LLC, an Elk Rapids, Mich.-based firm that looks at information and privacy management practices in business and government.

"It turns out that a major cost... [is] lost business opportunities" when customers no longer trust companies they have worked with and seek out new business relationships, said Larry Ponemon, founder and chairman of the Ponemon Institute and an occasional Computerworld columnist. Given the recent spate of corporate data breaches involving lost laptops, stolen computers and hacked networks, Ponemon said he expected people to become desensitized to the problem -- and complacent.

That isn't what his research showed.

"They're not numb and they do care and they're leaving" business relationships with companies that don't adequately protect their personal information, he said.

The study, which was sponsored by security software vendors PGP Corp. in Palo Alto, Calif., and San Francisco-based Vontu, is based on surveys of 31 companies that had known data breaches earlier this year. This was the second year for the study, which last year focused on 14 companies that suffered data breaches.