“If You Encrypt, They Must Acquit” Everyone is aware of what happened to the Target stores when they had a data breach of the credit card information of their customers. It almost killed their Christmas sales, their biggest month of the year. Further, although criminals attacked their systems and stole the information, the blame was placed at Target’s door, and nobody blamed the crooks. It was like blaming a bank because they were robbed. However, I do think they deserve some of the blame as it is now coming out that they did not encrypt their customer’s data. Data Breaches are one of the biggest liabilities for any web site. New privacy laws in California have severe penalties for a data breach, and the FTC is also using its powers to proceed against companies who have had a data breach. More and More states are passing data breach laws. You don’t want the blame for a data breach as happened to Target. Your customers will not be happy with you. Luckily, the California law, the FTC, and many court cases I have seen all say that if the data was encrypted, then it was not a breach. If you have upgraded to Windows 8.1, the Pro edition offers total hard drive encryption or partial encryption of your data as a standard feature. You can also get encryption freeware at download.com. I heartily suggest you encrypt any consumer data you maintain on your computers to reduce your liability for any data breach.
If your credit card payment form resides on a third party server, are you still potentially liable? For example, you have a payment form that redirects to a credit card processors payment form. Does your form need to be encrypted if you're not collecting payment data, just name, email, payment amount and description, but no credit card number, expiration, CVV?
Data Breach cases have no doubt risen to a large extent. Therefore, it is very important for us to encrypt our sensitive data before its too late. Reliable encryption softwares like TrueCrypt and Data Protecto are user friendly and the authentic.