Another option is to sift out information that isnt accessed much and put it into a separate directory, thus giving yourself a lightweight directory thats available unencrypted. Manion suggested a scenario in which you have an LDAP directory available via a Web interface, connected via SSL (Secure Sockets Layer). Thats conceivably a decent amount of protection, with the database encrypted in the background. It matters what the architecture looks like, obviously, Manion says. A more general question is, How sensitive is the data, and who should access it? If its very, very sensitive, perhaps it doesnt belong in a globally available directory in the first place.How can I estimate the damage done to my companys brand if I have to notify my customers of a data breach? People ask this when their goal is to assemble a business case for spending more money on securing customer data. Its a fair question to ask, but its tough to find recent studies on the topic. Im still searching, so if anybody knows of any good resources, please send them my way.For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog. Of course, it probably goes without saying that you should sit down with your finance department to get their input on this question. Talk to your marketing and/or sales department. Look at your companys history and at that of your competitors. Has your company in any way fumbled its reputation within the recent past? Have your competitors done so? If so, take a look at revenue figures preceding and following the fumble. Ask sales reps or marketing personnel what kinds of experiences they had with customers. Ask them how long it took to regain their footing. Extrapolate. Chances are, it wasnt a pretty sight. Ill let you know when I come up with a more specific formula, but in the meantime, tell your management that youd rather not find out firsthand. Write to me at email@example.com. eWEEK.com Associate Editor Lisa Vaas has written about enterprise applications since 1997. Check out eWEEK.coms Database Center at http://database.eweek.com for the latest database news, reviews and analysis.