“If you do not comply with PCI [Data Security Standard], your business may face significant financial and reputational risks.
“If your cardholder data is compromised, you could be required to reimburse us for card brand fines ranging up to $500,000 per incident, as well as subsequent fraud losses incurred by card issuers resulting from the compromised card data, which may exceed fine amounts.”
In addition, Bank of America says, a business could have its entire account blocked for a lapse in PCI compliance. And that’s even if a business conducts fewer than 20,000 credit card transactions in a year.
With HIPAA, health care providers themselves are often small businesses with the same regulatory compliance requirements as large, multinational health insurance companies.
Even SOX requirements could be a factor for small, privately held companies. Under the act, third-party providers of significant services to publicly traded companies -- like VARs or consultants -- have to maintain the same controls as the publicly traded companies themselves. So the impact of non-compliant technology in even smaller organizations could loom large.
Wang acknowledges that Dropbox doesn’t provide any warnings for small businesses with its Dropbox for Teams service to let them know the risks of storing regulated data on its non-compliant infrastructure.
PCI compliance, Wang said, “may apply to a small subset of potential customers. For the vast majority, [the focus is on] collaboration and creative assets. We’re not talking about bank statements.”
He said that security, and functions like encryption, were in fact considered and included in the development of Teams, and customers have been happy with that. His comment comes after some customers of Dropbox's consumer service have had security complaints.
In unrelated cases, Dropbox has been fending off customer concerns about its security for some time. Those concerns -- which have led to at least two lawsuits and a complaint with the U.S. Federal Trade Commission -- include the alleged access of some Dropbox employees to individual customer data, as well as a one-time glitch that allowed some customer data to be accessed even without a password. Dropbox has been defending itself vigorously against criticism of its security, however, and has not been deterred in working to expand its addressable market.
Launched primarily as a consumer-focused tool for storing a small capacity of data online, Dropbox last month disclosed that it was launching Teams for collaboration -- targeted at SMBs. Dropbox for Teams, which is sold directly online, is priced at $795 per year for use by up to 5 people. Dropbox advertises Teams as providing “bank-grade” encryption, and the service allows for quick sharing of data stored in its online service -- including via Apple's iPhone.