<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">

Data Sharing Calculator

Data flows in and out of organizations at high velocity. Use this calculator to understand your potential risk
for a breach — and learn how you can mitigate the impact.



employees who have access to data they shouldn’t 1


employees sending work emails to the wrong person 2


organizations NOT “completely prepared” to react to a breach 3

Calculate How Much Sensitive Data You’re Sharing

Input your organization’s email volume, size and data-sharing habits in the fields below. We’ve provided some sample figures to help you get started.

Step 1

Emails sent per year

Step 2

Emails containing sensitive data




Get My Free Data Protection Checklist

See how your data protection and security stacks up with this checklist. Learn why it is a top concern for over 90% of organization's, uncover a few key considerations and why the ease-of-use and deployment is important.

How Could a Data Breach Impact Your Organization?

Any time there’s a data breach, there are financial consequences. The average cost of a data breach is $3.86 Million4. In addition to noncompliance penalties and fines, consider these impacts:


Lost business

often accounts for the bulk of breach costs because it includes high customer turnover and brand damages that hinder new growth.


Operational disruptions

including process breakdowns and lost employee productivity that could affect over half the business’s annual income.


Reactive costs

including notifying individuals whose data was breached and hiring external experts to help resolve the breach and repair brand image.


Civil damages

for individual victims and their PII, and class action lawsuits are becoming one of the most expensive consequences of a breach.


Theft of trade secrets and intellectual property (IP)

can significantly derail business growth, competitive differentiation, and future sales.


Risk of job termination

for those in charge of and most tied to data, security, and IT and potential company-wide employee turnover.

If, in the event of a data breach, your organization is found to be in violation of a security regulation, then additional penalties and fines are on the table.*

*The official penalties listed here are the potential maximum costs. There is a range of different actions and penalties an organization can face depending on numerous factors that the regulatory agency will evaluate and your legal counsel can best advise on.

Select any regulation(s) you have to meet and see the potential impact.



California Consumer Privacy Act – US State of CA

Noncompliance penalties are enforced by the California Attorney General’s Office and range per violation, depending on intent behind the violation.

Starting January 1, 2023, enforcement will be handled by a new office, the California Privacy Protection Agency (CalPPA). This will also change the penalty for violations related to data of minors, in which case possible fines are tripled.

$7,500 – each intentional violation of the CCPA

$2,500 – each violation of the CCPA that isn’t deemed intentional

These fines are assessed only after notice has been given and a 30-day “opportunity to cure” has been provided.



Consumer Financial Protection Bureau – US

Noncompliance penalties vary depending on the level of severity and negligence. Funds received through illegal or unethical business transactions are disgorged, or paid back, often with interest and/or penalties to those affected by the action.

Punitive damages apply to nongovernmental entities with a maximum $10,000 in individual actions and the lesser of $500,000 or 1% of the creditor’s net worth in class actions.



Family Educational Rights and Privacy Act – US

Loss/withdrawal of federal funding for the entire institution or agency.

Possible prosecution under criminal codes.



The Health Insurance Portability and Accountability Act – US

Noncompliance penalties range per violation (or per record), depending on the level of severity and negligence. Maximum penalty of $1.5 Million per year.

$100 – organization was unaware and couldn’t avoid breach

$1,000 – organization should’ve been aware but couldn’t avoid breach

$10,000 – organization neglected reasonable care but did attempt to correct violation

$50,000 – organization neglected reasonable care, and didn’t attempt to correct violation



General Data Protection Regulation – EU

Noncompliance penalties can reach as high as €20 Million (or $24 Million) or 4% of annual global revenue from the preceding financial year – whichever is greater. Fines depend on the nature, seriousness, length of the violation, and history of noncompliance.

Prevention of doing business with a temporary or permanent ban on data processing and suspension of data transfers to third countries.

Request to erase data to protect individuals’ personal information.



Gramm–Leach–Bliley Act – US

Noncompliance penalties extend to the financial institution/organization and individuals deemed in charge.

$100,000 – each violation for a financial institution

$10,000 – each violation for individuals in charge

Criminal charges with up to 5 years in prison for individuals found in violation.



International Traffic in Arms Regulations – US

Civil fines up to $1 Million per violation.

Criminal fines up to $1 Million per violation, 20 years imprisonment, and being barred from conducting any future export activities.



Criminal Justice Information Services – US

Noncompliance penalties are governed by the DOJ Criminal Justice Information Services Security Policy. Improper access, use, or dissemination of CHRI and NCIC Non-Restricted Files information may result in administrative sanctions.

Termination of services

State and federal criminal penalties

Protect Data Everywhere It’s Shared and Stored

While popular email providers offer some native security features, for many organizations, an additional layer of data protection for the digital workplace is necessary to collaborate with confidence, maintain visibility and control, and meet compliance.

Virtru provides flexible, easy-to-use, and trusted privacy enhancing technologies, like Google email encryption, that govern access to data throughout its lifecycle so you can unlock its full potential to help you do your job and help your organization meet its mission.

To learn more about Virtru email encryption,