Many companies have chosen not to encrypt their important databases because of the added cost and complexity associated with it. But what are the costs of having unencrypted data laying around, vulnerable to theft, loss, and mishandling? Ask the 3.9 million Citigroup retail customers whose names, Social Security numbers, and account histories, fell off the back of a UPS truck in transit to a credit bureau.You can also ask the 80,000 U. S. Department of Justice workers whose names and credit card numbers were on a laptop stolen from a travel agency in Fairfax, VA. How about the 10,000 people whose names, SSNs, and credit card numbers were nicked from the Stanford University Career Center. Or the 1,500 patients whose prescription information was at risk because somebody at the University of Pittsburgh Medical Center couldn't figure out how to make a secure web page. Or the 16,500 whose data was stolen from an MCI employee database.Suddenly, everybody is beginning to ask the question that many of us in the privacy and security business have been encouraging enterprises to ask: can you afford not to protect the privacy of your data? For so many businesses, their databases are among their most valuable assets. Customer lists, account and transactional histories, customer profiles -- these are invaluable corporate assets that are critical to the operations of the company.Historic disasters, like the destruction of the World Trade Center towers, taught some companies the importance of off-site data backups. But then these newly enlightened executives don't think twice about handing an unencrypted backup tape to some bike messenger with a pierced lip.My rule of thumb for corporate data storage: if it's worth protecting, it's worth encrypting.