As you may know, the EU is reviewing its data protection laws, and recently I participated in a hearing hosted by the European Parliament’s EPP group on one of the many important questions being looked at: “Who pays for Data Protection?”
Who pays for Data Protection?
This is not a simple question. There are lots of different kinds of costs that vary by industry and the size of the company. There are preventative costs to try to comply with this complex set of regulations as well as remedial costs that are even higher if something goes wrong.
To get a sense of this, we pointed to a recent survey by the Ponemon Institute which included 46 international companies, including both SMEs and large companies. The study made some very interesting findings:
The average cost for a company to comply with data-protection regulation in a 12-month period is about 2.5 million Euros.
While the overall costs are higher for larger companies than small ones, as you would expect, the relative burden for small companies is much higher – about four times more per employee for a small company than a large company.
The costs of non-compliance with data protection regulation are substantially higher than those of compliance – nearly three times on average.
Although it is an expensive proposition, compliance with data protection regulation makes good business sense.
Microsoft couldn’t agree more with the findings of this report. Users want their confidential data protected and it is very much in the interest of the technology industry to help and to support effective data protection. Microsoft’s own internal compliance policies are rigorous - we have more than 40 full-time privacy professionals and 400 other employees who help ensure that our privacy policies, standards and procedures are applied across the board.
We also build our products and services from the ground up with security and privacy features that make it easier for our customers to manage their own confidential information. Examples of recent products that encompass “privacy by design” are BitLocker, Kinect, Windows Phone 7 and Internet Explorer 9.
As the discussion continues on how best to update the European data protection regime, we appreciate the efforts of MEP Axel Voss (EPP) and the European Parliament, including their work to better understand the costs incurred by companies and others in complying with privacy laws.
If you are interested in learning more, you can watch the video broadcast on the EPP TV channel, and a copy of my full remarks is available online.