The issue in IT doesn't arise around the Coke formula on Dropbox, unless Coke could somehow sue Dropbox for damages. The issue arises around large quantities of sensitive information. What if those Red Box video rental machines could be stolen to get the credit card data inside (they can't, the data aren't in there).
The issue hits hard in medical record IT. Losing control of 500 or more folks' medical records gets your name in lights here, and you're required to try to notify everybody who might be affected.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachno...
What kind of insurance could possibly cover a startup against the reputation cost of this? Not insurance that any startup could afford. Plus, the liabilities for misuse of the leaked data (identity theft, employment blacklisting of sick people, you name it) are unlimited.
So, a business that holds medical records for people is inherently a Ferrari car wash, unless the entrepreneurs can somehow persuade their hospital customers to bear the reputation risk. That's very hard.
The issue hits hard in medical record IT. Losing control of 500 or more folks' medical records gets your name in lights here, and you're required to try to notify everybody who might be affected. http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachno...
What kind of insurance could possibly cover a startup against the reputation cost of this? Not insurance that any startup could afford. Plus, the liabilities for misuse of the leaked data (identity theft, employment blacklisting of sick people, you name it) are unlimited.
So, a business that holds medical records for people is inherently a Ferrari car wash, unless the entrepreneurs can somehow persuade their hospital customers to bear the reputation risk. That's very hard.