[BreachExchange] Should Your Customers Trust You with Their Data?

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 3 18:56:55 EDT 2018


http://www.tradersmagazine.com/news/technology/should-your-customers-trust-you-with-their-data-117884-1.html

It seems innocent enough. Collect email addresses and birthdays so you can
reach out to your most loyal customers on their special day. But where is
this data stored? Who has access to it? How is it protected?

In the digital economy, customer experience is paramount. Data lets us
deliver a personalized experience in real time. But making the customer
record richer and more valuable to your company also makes it more valuable
to others.

Data is the new oil. It’s the fuel powering growth and innovation, and bad
actors can’t wait to get their hands on it. Even a seemingly innocuous
piece of information such as an email address or birthdate can be used in
identity theft. Today, all personal data is sensitive and there’s more of
it all the time.

If you’re in business, you handle sensitive personal data about customers,
employees, and partners, and you’re about to handle much more of it. As
digital transformation expands across new areas of our lives, increasingly
sensitive types of data will need to be shared and accessed by more
entities, more frequently. We may not mind our ride-sharing service knowing
our favorite destinations, but we care who sees our medical, legal, and
financial records.

The days when companies could be casual about personal data are officially
over. It’s time to assess the situation and put technologies and practices
in place to ensure your customers can trust you with their personal data.
Building that trust will reinforce a positive view of your brand, and
protect you against the damaging effects a high-profile breach can have on
your company’s reputation.

It’s also a matter of regulatory compliance. All over the world,
regulations are evolving to address growing concerns about protecting
personal data. Complying can be complicated and consequences for missteps
serious. Europe’s new GDPR (General Data Protection Regulation) for 2018
includes fines of up to four percent of global annual revenue. A fine of
$10 million on $250 million in earnings is a significant incentive.
Technologies and regulations will continue to change, requiring companies
to be vigilant and proactive about protecting personal data.

Find your data

The first step to improving security is discovery. You’ll need to ask a
series of questions to determine the extent of the personal data you
collect and hold. What types of personal data do you ask for? Where is this
data held? What systems and processes handle it? Who has access to it? What
security measures are in place to protect it? Which partners need access to
this data, and how do they ensure it’s handled securely? How might personal
data assets expand in the future?

Craft your data security strategy

For many companies, data is fragmented and spread across multiple divisions
and partners, with varying degrees of security in place to protect it. To
prepare for the rapid expansion of data and access that digital
transformation is bringing about, you need to craft and implement a
strategic plan for governing and protecting personal data. Every partner
contract, for example, should spell out requirements for data security
standards and practices.

Consult with IT

As marketing becomes more involved with data-driven analytics and
personalization, it’s important to look to the IT organization for
guidance, expertise, and best practices. The right data protection
policies, processes, and training need to be prioritized and fully
ingrained in business functions. At a minimum, baseline security
technologies and capabilities such as encryption need to be selected,
deployed and routinely tested.

Choose your partners wisely

Given the complex and dynamic nature of protecting personal data, it makes
sense to minimize what you hold. For most organizations, the right course
will be to partner with a technology provider focused on streamlining the
handling of personal data. Some new API-based services can help deliver the
information you need without saddling you with keeping and protecting
sensitive data. The right solution should ensure that data is dispersed,
not held centrally. It should pull information from authoritative sources.
It should depend on permission from the individual for access. And it
should be continuously refreshed with the latest updates.

We need these solutions in order to support the expansion of digital
business. The recent Equifax breach exposed 145 million Americans to
identity theft. Meanwhile, Yahoo now says all of its three billion customer
accounts were compromised. Still, significant progress is possible. Equifax
notwithstanding, the financial services industry has long pioneered
leading-edge data security strategies and technologies, making online
banking and credit card transactions reliable and secure. Currently,
healthcare is in the personal data hot seat as it transitions to digital.
Your business is next.

New and more serious threats, rising customer expectations, the expansion
of our digital lives, and new technologies such as artificial intelligence
and the Internet of Things mean that protecting personally identifiable
data will be an ongoing challenge. Now is the time to find ways to protect
your brand and your customers from data breaches, and to build
relationships with the technology partners who can help you implement
effective security strategies now and in the future. Giving your customers
the confidence to share the details of their lives with you may already be
a competitive differentiator.