The increased number of stories on data breaches in the news today has many implications. For consumers, it’s an increased risk of financial loss, identity theft and personal privacy erosion. For businesses, it’s a loss of customer trust and a drop in revenue.
These breaches affect businesses of all kinds, from retailers like Target and Neiman Marcus to “social” companies like Twitter and LinkedIn. The best way to prevent these disastrous events from happening is to learn from past mistakes and create proactive guidelines for both businesses and customers to follow.
Two previous data breaches that opened the eyes of companies and consumers are those at TJ Maxx and Target. In TJ Maxx’s data breach, one of the largest hacks in history, the credit card numbers of 94 million customers and the personal information of 455,000 customers who returned merchandise were compromised.
Although the FTC put standards in place for TJ Maxx to follow, little was done to prevent the situation from happening in the future with other businesses. The company’s subsidiary store Winners in Canada prompted a thorough investigation by the Canadian Privacy Commissioner. The Commissioner came to a resounding conclusion: the companies collected too much personal data from their consumers, and they didn’t take the necessary steps to protect it. The Commissioner put guidelines in place that included details like what information could be collected and how long a company may hold that information.
Furthermore, the office of the Privacy Commissioner put a set of guidance tools in place to help businesses and consumers learn how to protect personal data. The guidance includes:
- Collecting only the personal information necessary for the particular purpose
- Creating several layers of security around risk management, security policies, human resources security, physical security and technical security
Another data breach, which affected 70-100 million customers, hit Target, which again collected and stored too much of its customers’ personal data, giving hackers a pool of personal data to misuse. Target reported that the widespread theft of its customers’ data had a significant impact on the company in the fourth quarter, with profit down more than 40 percent from the previous year. These data breaches prove that establishing tools and objectives is difficult, but not impossible. Businesses must be proactive with the policies they put in place, not only to secure their current patrons but also to protect their revenue.
There is one practice, called data minimization, that both businesses and customers can engage in. Data minimization means collecting the least amount of data needed to perform a function. From a patron’s perspective, this means being choosy about what personal information they provide, whether it’s a full name, email address, telephone number or home address; just because a business asks for it doesn’t mean you need to provide it. Users can think about the value of their data before exchanging it for sales and services. For businesses, it means asking only for the data that is essential to complete the given task.
Besides data minimization, businesses can engage in numerous strategies to better protect themselves and their customers. Here are some strategies to consider:
- Perform an information risk audit
- Develop provisions to record the consent of your users
- Develop a security plan to protect personal data your business collects
- Train your employees on how to follow your privacy plan and policy
There will always be a high risk in doing business in the personal data age, and these recent data breaches prove that the loss of customer trust will significantly impact businesses’ revenue. Luckily, there are steps to take that will improve business and customer relations around data. By implementing these practices, customer trust will be more secure and businesses’ bottom lines will be at less risk.