The ruling more than a year ago by the 9th US Circuit Court of Appeals in Krottner v. Starbucks was the first in a cascade of legal and regulatory actions that promise to increase the costs of data breaches for US companies.
The court ruled that, to take a case to trial, plaintiffs no longer need to show actual harm or imminent threat of harm from a data breach. They simply have to show increased risk of harm.
As a result, lawsuits are now being filed faster -- not months or years after a breach, but just days or even hours after the breach announcement goes out. That's what Bob Parisi, a senior vice president dealing with professional liability and cybernetic issues at the global insurance firm Marsh, told me recently.
In October 2011, the Securities and Exchange Commission issued guidance reminding public companies that privacy breaches can be “material events” and need to be disclosed. Even though this guidance specifically applies to public companies, private firms that do business with public corporations may also find that they need to start disclosing breaches to retain their corporate customers.
An updated breach notification law that went into effect in California in January requires companies to include more information in breach notices. Illinois also updated its breach notification law at the start of the year, adding more details about what disclosure notices need to say.
But the biggest change will come from Texas. A law that will go into effect in September 2012 requires any company that does business in Texas (say, by having one customer in that state) to notify all affected customers if a breach takes place. Not just affected Texas customers -- customers who live anywhere in the US. Companies that fail to comply can get fined up to a quarter of a million dollars. Per breach.
Ouch!
And it's no longer enough to offer a year of credit monitoring in response to a breach. Depending on what kind of breach occurred, companies may need to get creative with their remedies. After all, what good is credit monitoring to someone whose private medical records were compromised?
Any company that stores sensitive data should be aware of what's going on. Whether the data is customer credit card numbers, employee Social Security numbers, patient X-rays, or even contact names and email addresses, you will need to start keeping a closer eye on it. After all, any data could be of use to malicious individuals. Customer names and contact details could be used for spear phishing attacks to get your customers to turn over even more information.
How can you protect your company? First, tighten up the protections on your data. Reduce employee privileges. Increase the use of encryption. And if you haven't done so yet, consider second-factor authentication.
Sure, these steps can be burdensome and expensive. In the past, it may have been cheaper to deal with losses than to roll out tighter controls. Well, the cost-benefit equation has been changed, and some of these expensive preventive measures may now make financial sense.
Second, have a plan in place. There is no 100 percent guaranteed method to protect against data losses. There might be a flaw in your technology. Or you might have an employee with a grudge. Or a business partner might allow your data to leak. Once that happens, be ready to respond immediately and appropriately. That includes staying on top of the relevant federal and state regulations, keeping up with law cases, and watching what other companies do when they have a breach.
Finally, if the costs of dealing with a breach are more than your company can afford, consider buying insurance. After all, a paper mailing costs an average of $1 a piece, and if you lost a million credit card numbers, that's a million bucks right there for postage and handling, before you add in buying credit protection for everyone, defending yourself against class-actions, and trying to repair your public image.
— Maria Korolov is president of Trombly International, an editorial services company that provides coverage of emerging technologies and markets. She has been a journalist for over 20 years.