Worried About Data Privacy? 10+ Tips for Businesses & Consumers for Protecting Data

Man holding a cup of coffee and looking at a computer
 

By Tricia McKinnon

Customer data, the holy grail of the digital world, is increasingly becoming a risk that companies are finding difficult to manage. Between January 2017 and August 2018 at least 16 major retailers were hacked. These retailers range from Macy’s to Sears to Best Buy. Data breaches carry a high price tag with the average breach costing companies $3.6 million globally.  This price tag includes both direct costs such as resolving the problem and indirect costs such as reputational loss.  

With the General Data Protection Regulation (GDPR) going into effect in May of 2018 the scrutiny on data collection is higher than ever.  If found in violation of GDPR a company can face fines of up to $22 million or 4% of global revenues, which ever is higher.  Recently Google was fined $57 million for violating GDPR. This violation is the first one for a major Silicon Valley tech company and the largest penalty issued to-date.  GDPR is a European regulation but it is likely that additional countries will enact similar laws.  As a result many organizations are in the process of updating their data collection policies but a lot of work still needs to be done.  According to an eMarketer report, only 12% of IT and Legal professionals in the US confirmed that they are done and fully GDPR compliant.  32% said that their implementation is well underway and 22% said that they have started their implementation.    

Companies are not the only ones concerned about data privacy.  71% of consumers in a study reported on by eMarketer said that they are concerned about how marketers collect and use their data.  This is not surprising given some of the high-profile data breaches over the last few years including:

  • Marriott – Its Starwood reservation system was hacked and exposed the personal data of up to 500 million guests.  Hackers gained access to email addresses, passport numbers, dates of birth, phone numbers and home addresses

  • Under Armour – 150 million accounts in its MyFitnessPal app were compromised. User names, passwords and email addresses were taken

  • Hudson Bay – A payment breach at Lord & Taylor, Saks Fifth Avenue and Saks Off Fifth caused 5 million credit and debit cards to be compromised

  • Adidas – customer contact information such as email addresses and home addresses for “a few million” were compromised

With the increasing need to better protect consumer data, here are a few tips that businesses can use to keep customer data safe.

  • Limit the amount of data that is collected.  If the data is not necessary do not collect it. The larger the amount of data collected the greater the potential exposure and risk

  • Improve control over who has access to customer data.  In many instances data breaches are the result of poor internal controls.  Review who has access to sensitive data and determine if they need it.  Often times employees have more access to data than they should

  • Consider not collecting sensitive information such as passport numbers and social security numbers

  • Require that customers provide complicated passwords to sign into your systems (i.e. ones that require the use of numbers, symbols, lower and uppercase letters)

  • Use state of the art encryption and ensure that it is kept up-to-date

  • Consider destroying data if it is no longer needed

  • Implement two factor authentication whereby a password and a second piece of identification is required for your customers to login to your site

Here are a few tips for what consumers can do to safeguard their data:

  • Change passwords frequently and do not use the same password across multiple sites  

  • Do not use simple, easy to guess passwords. Instead use a password manager to help generate and manage your passwords 

  • Use two factor authentication if available  

  • Monitor your financial accounts regularly to ensure that you have not been compromised  

  • To avoid being compromised through a phishing scam to not click on suspicious email attachments and links 

  • Update your operating software and apps regularly to avoid missing any security patches

  • Do not give out your email address, birthday or other sensitive information simply because a company asks for it 

Subscribe to our newsletter and get the latest retail insights & trends delivered to your inbox

Sources 

https://www.emarketer.com/content/how-are-marketers-adapting-to-data-privacy-laws

https://www.emarketer.com/content/five-charts-the-gdpr-is-shaking-up-digital-marketing

https://www.emarketer.com/content/how-us-companies-are-becoming-gdpr-compliant

https://www.emarketer.com/content/some-people-value-their-data-more-than-their-wallets-and-cars

https://www.bloomberg.com/opinion/articles/2018-04-06/retailer-data-breaches-stop-giving-them-a-free-pass

https://www.americanexpress.com/en-us/business/trends-and-insights/articles/7-steps-to-ensure-customer-data-privacy/

https://www.businessinsider.com/data-breaches-2018-4#sears-4

https://www.nytimes.com/interactive/2017/technology/how-to-protect-data-online.html

https://www.businessinsider.com/delta-sears-and-kmart-get-hit-with-breach-2018-4

https://www.huffingtonpost.com/entry/6-ways-to-protect-customer-data_us_59cd51f9e4b04575111f3963

https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach

https://www.reuters.com/article/us-under-armour-databreach/under-armour-says-150-million-myfitnesspal-accounts-breached-idUSKBN1H532W

https://www.emarketer.com/content/how-are-marketers-adapting-to-data-privacy-laws

https://www.emarketer.com/content/how-us-companies-are-becoming-gdpr-compliant

https://www.emarketer.com/content/many-people-feel-they-lack-control-over-their-personal-data

https://www.bloomberg.com/news/articles/2018-04-01/hudson-s-bay-probes-data-security-issue-at-stores-including-saks

https://www.businessinsider.com/data-breaches-2018-4#adidas-3

Tricia McKinnonTrends