We routinely hear stories about “data breaches,” “identity theft,” “credit monitoring,” and other data loss-related events in the media. These reports are becoming more frequent – almost routine – and may run the risk of being overlooked by many companies – even those who are in the business of collecting, processing or otherwise using confidential information of individuals.

One recent case, however, illustrates why we should not fall victim to thinking that data breaches are “routine.”

The Wall Street Journal recently reported on the bankruptcy of a national medical records firm after over 14,000 medical records were compromised during a burglary of their California offices in December 2011. The burglary occurred on 12/31/2011, and was discovered on 1/3/2012 and promptly reported to law enforcement. Nonetheless, the company was required to report the incident to various state and federal regulators as well as notify each of the potentially affected individuals....