Keeping consumers’ data safe
January 28 this year is Data Privacy Day. Data privacy and security should be one of the foremost concerns for brands dealing with consumer data, yet it is surprising how easily security measures can be breached.
A recently published Forrester report points out that though reports of customer breaches or abuse of privacy frequently feature in news headlines, it often takes months or even years for those affected by the breach to overcome the consequences or for the companies involved to absorb the costs.
The report, titled “Lessons Learned From the World’s Biggest Data Breaches and Privacy Abuses, 2016”, looks at the most notable incidents of the past year to come up with learnings in a bid to prevent repeat occurrences.
The first piece of advice is for companies to find and classify sensitive customer data. By doing this, businesses can segment sensitive information into micro perimeters and monitor users for unusual activity. Respect for customer privacy needs to become the foundation of the company’s culture.
According to the report, hacking and breaches have financial, political or social causes. It could be that the hackers simply disagree with the business practices of a certain company. It could also be that they plan to sell customer data on the black market. Regardless of the motivation, regulators on a global scale are demanding greater commitment from businesses in terms of customer protection.
It is interesting to note that the technology, government and retail industries account for 95% of breached customer records. What is key to understand, according to the report, is that a breach can even be a simple act, such as e-mailing personal information to someone else in error.
And while the sharing of information brings with it a host of benefits, it can also pose a risk to the brands that are sharing it. Brands are advised to audit all third parties with whom they share information, as this will ensure that the necessary processes are in place to protect both brand and consumer.
One of the fundamental responsibilities in this regard is to ensure that organisations have a clearly defined path for internal users to report suspicious activity – there needs to be a way for breaches to be reported rapidly to the organisation. This process must be developed by security and risk professionals, and employees must be able to report risky activities – whether intentional or unintentional – without fear of retribution.
Furthermore, the report suggests that core capabilities should be developed within organisations to ensure that customer data is handled in the correct way, privacy of data is ensured and privacy systems are assessed for effectiveness in a cohesive manner. Context is an important consideration and customers as individuals should have the freedom to negotiate the collection and use of their data, while organisations themselves must be transparent in terms of how they will use data, and provide opt-in and consent mechanisms.
The report emphasises, however, that all privacy processes and procedures are useless unless they can be enforced internally; organisations must ensure that they’re actually achieving what the policies promise and that all employees in contact with the data understand data use and handling policies.
Encrypting data is important because, unless hackers have also managed to steal the encryption keys, they will not be able to sell the encrypted data they obtain.
The big take-out: A recent Forrester report has analysed some of 2016’s biggest data theft disasters to come up with learnings and suggestions on how organisations can better protect the privacy of their customers.