Worried About Data Privacy? 10+ Tips for Businesses & Consumers for Protecting Data
Customer data, the holy grail of the digital world, is increasingly becoming a risk that companies are finding difficult to manage. Between January 2017 and August 2018 at least 16 major retailers were hacked. These retailers range from Macy’s to Sears to Best Buy. Data breaches carry a high price tag with the average breach costing companies $3.6 million globally. This price tag includes both direct costs such as resolving the problem and indirect costs such as reputational loss.
With the General Data Protection Regulation (GDPR) going into effect in May of 2018 the scrutiny on data collection is higher than ever. If found in violation of GDPR a company can face fines of up to $22 million or 4% of global revenues, which ever is higher. Recently Google was fined $57 million for violating GDPR. This violation is the first one for a major Silicon Valley tech company and the largest penalty issued to-date. GDPR is a European regulation but it is likely that additional countries will enact similar laws. As a result many organizations are in the process of updating their data collection policies but a lot of work still needs to be done. According to an eMarketer report, only 12% of IT and Legal professionals in the US confirmed that they are done and fully GDPR compliant. 32% said that their implementation is well underway and 22% said that they have started their implementation.
Companies are not the only ones concerned about data privacy. 71% of consumers in a study reported on by eMarketer said that they are concerned about how marketers collect and use their data. This is not surprising given some of the high-profile data breaches over the last few years including:
Marriott – Its Starwood reservation system was hacked and exposed the personal data of up to 500 million guests. Hackers gained access to email addresses, passport numbers, dates of birth, phone numbers and home addresses
Under Armour – 150 million accounts in its MyFitnessPal app were compromised. User names, passwords and email addresses were taken
Hudson Bay – A payment breach at Lord & Taylor, Saks Fifth Avenue and Saks Off Fifth caused 5 million credit and debit cards to be compromised
Adidas – customer contact information such as email addresses and home addresses for “a few million” were compromised
With the increasing need to better protect consumer data, here are a few tips that businesses can use to keep customer data safe.
Limit the amount of data that is collected. If the data is not necessary do not collect it. The larger the amount of data collected the greater the potential exposure and risk
Improve control over who has access to customer data. In many instances data breaches are the result of poor internal controls. Review who has access to sensitive data and determine if they need it. Often times employees have more access to data than they should
Consider not collecting sensitive information such as passport numbers and social security numbers
Require that customers provide complicated passwords to sign into your systems (i.e. ones that require the use of numbers, symbols, lower and uppercase letters)
Use state of the art encryption and ensure that it is kept up-to-date
Consider destroying data if it is no longer needed
Implement two factor authentication whereby a password and a second piece of identification is required for your customers to login to your site
Here are a few tips for what consumers can do to safeguard their data:
Change passwords frequently and do not use the same password across multiple sites
Do not use simple, easy to guess passwords. Instead use a password manager to help generate and manage your passwords
Use two factor authentication if available
Monitor your financial accounts regularly to ensure that you have not been compromised
To avoid being compromised through a phishing scam to not click on suspicious email attachments and links
Update your operating software and apps regularly to avoid missing any security patches
Do not give out your email address, birthday or other sensitive information simply because a company asks for it
Subscribe to our newsletter and get the latest retail insights & trends delivered to your inbox
Sources
https://www.emarketer.com/content/how-are-marketers-adapting-to-data-privacy-laws
https://www.emarketer.com/content/five-charts-the-gdpr-is-shaking-up-digital-marketing
https://www.emarketer.com/content/how-us-companies-are-becoming-gdpr-compliant
https://www.emarketer.com/content/some-people-value-their-data-more-than-their-wallets-and-cars
https://www.businessinsider.com/data-breaches-2018-4#sears-4
https://www.nytimes.com/interactive/2017/technology/how-to-protect-data-online.html
https://www.businessinsider.com/delta-sears-and-kmart-get-hit-with-breach-2018-4
https://www.huffingtonpost.com/entry/6-ways-to-protect-customer-data_us_59cd51f9e4b04575111f3963
https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach
https://www.emarketer.com/content/how-are-marketers-adapting-to-data-privacy-laws
https://www.emarketer.com/content/how-us-companies-are-becoming-gdpr-compliant
https://www.emarketer.com/content/many-people-feel-they-lack-control-over-their-personal-data
https://www.businessinsider.com/data-breaches-2018-4#adidas-3