Huw Thomas, Managing Director at PMC, talks about customer data security.
For the past few years retailers have been busy focussing on strong security for customer card data, driven by the PCI standards. Now the landscape is shifting to also include general customer data such as name, email and address.
In the UK, the most important piece of legislation organisations must worry about is the Data Protection Act and the possibility of monetary penalty notices from the Information Commissioner's Office (ICO), requiring organisations to pay up to £500,000 for serious breaches of the Act. It feels like the majority of data breaches happen in the US, and the figures tend to bear that out: the US accounts for the overwhelming majority of the really big data breaches that have been made public, some of them absolutely vast. But US laws and regulations force organisations to admit to data breaches involving customer data, something which is not true in all countries.
Globally, the UK currently ranks a distant second behind the US for data breaches, which is no cause for complacency. Many high-profile breaches have occurred over the past couple of years; think W3, Moonpig, TalkTalk. Undoubtedly, larger and more serious breaches lie ahead.
Many data breaches are categorised as hacks, but a major risk comes from company insiders, who have far easier access to the core data. Securing your network against external intrusion does nothing to address this.
So isn't the answer simply to encrypt all of the customer data you collect? That would certainly help protect the data, but the reason you are collecting it in the first place is to be able to analyse it and use it to drive improvements in your business. Personalised promotional activity is difficult if you can't identify the person in your data set!
If you would like to discuss customer data security in more detail, please contact us at firstname.lastname@example.org