In addition to having few resources with which to determine just which companies are doing a better job of securing personal data, many consumers do not know the difference between data breaches and related data fraud, she said.
And while conventional wisdom might suggest that such confusion would cause consumers to be even more wary of companies that have significant data incidents, Monahan said the lack of understanding may make people less sensitive to the reports in general.
For instance, consumers in states like California that have more stringent data breach disclosure laws may already be getting so many notifications of potential information exposure that it has become an accepted norm in going about their lives in the digital age.
Adding to the lack of reaction against companies that experience data incidents is the fact that for every 1000 records that are lost or stolen via the events, there are only 8 instances of actual fraud, according to Javelin.
One of the first research companies to create metrics that attempt to track the financial impact of data breaches is the Ponemon Institute, which is headquartered in Elk Rapids, Mich.
According to a report issued by Ponemon in Oct. 2006, data losses cost U.S. companies an average of $182 per compromised record in 2006, compared to an average loss of $138 per record in 2005, for an increase of about 31 percent.
The report, based on interviews conducted with 56 individual companies known to have experienced a data incident in the previous year, also maintains that roughly $128 of the 2006 figure is related to indirect fallout from information leaks, such as higher-than-normal customer turnover.
Other expenses highlighted in the report include an average price tag of $660,000 per company in expenses related to notifying customers of a breach affecting their data, along with informing business partners and regulators. Ponemon contends that each company surveyed sacrificed roughly $2.5 million in lost business based on their incidents.
Company Founder and Chairman Larry Ponemon said that the muted reaction to the TJX incident illustrates that consumers will respond differently to individual breaches based on the events' parameters. The sheer scale of the TJX breach, and the fact that the company is a retailer, have had a palpable effect on the manner in which people have reacted to the data catastrophe, he said.
"Consumers' expectations for privacy and security are far lower for retailers and other merchants than they are for banks or health care providers, and because so many records were involved with TJX, people may assume there's a much smaller chance of having their identity stolen," Ponemon said. "There also appears to be a growing perception that if the event was the result of criminal activity, rather than negligence, as with the TJX attacks, people are willing to give the company a bit more leeway in terms of forgiveness."
The researcher said that people are far more likely to stop doing business with a bank or financial services provider that has a smaller breach affecting their data than with a retailer that has such a large incident.
However, banks that are carving out reputations as particularly strong protectors of customer data are gaining more customers, he said, including well-known firms such as Bank of America and Wachovia.
With retailers, many consumers may shop at the same stores and merely use checks or cash to pay for their purchases to limit exposure, he said.