It seems innocent enough. Collect email addresses and birthdays so you can reach out to your most loyal customers on their special day. But where is this data stored? Who has access to it? How is it protected?
In the digital economy, customer experience is paramount. Data lets us deliver a personalized experience in real time. But making the customer record richer and more valuable to your company also makes it more valuable to others.
Data is the new oil. It’s the fuel powering growth and innovation, and bad actors can’t wait to get their hands on it. Even a seemingly innocuous piece of information such as an email address or birthdate can be used in identity theft. Today, all personal data is sensitive and there’s more of it all the time.
If you’re in business, you handle sensitive personal data about customers, employees, and partners, and you’re about to handle much more of it. As digital transformation expands across new areas of our lives, increasingly sensitive types of data will need to be shared and accessed by more entities, more frequently. We may not mind our ride-sharing service knowing our favorite destinations, but we care who sees our medical, legal, and financial records.
The days when companies could be casual about personal data are officially over. It’s time to assess the situation and put technologies and practices in place to ensure your customers can trust you with their personal data. Building that trust will reinforce a positive view of your brand, and protect you against the damaging effects a high-profile breach can have on your company’s reputation.
It’s also a matter of regulatory compliance. All over the world, regulations are evolving to address growing concerns about protecting personal data. Complying can be complicated and consequences for missteps serious. Europe’s new GDPR (General Data Protection Regulation) for 2018 includes fines of up to four percent of global annual revenue. A fine of $10 million on $250 million in earnings is a significant incentive. Technologies and regulations will continue to change, requiring companies to be vigilant and proactive about protecting personal data.
Find your data
The first step to improving security is discovery. You’ll need to ask a series of questions to determine the extent of the personal data you collect and hold. What types of personal data do you ask for? Where is this data held? What systems and processes handle it? Who has access to it? What security measures are in place to protect it? Which partners need access to this data, and how do they ensure it’s handled securely? How might personal data assets expand in the future?
Craft your data security strategy
For many companies, data is fragmented and spread across multiple divisions and partners, with varying degrees of security in place to protect it. To prepare for the rapid expansion of data and access that digital transformation is bringing about, you need to craft and implement a strategic plan for governing and protecting personal data. Every partner contract, for example, should spell out requirements for data security standards and practices.
Consult with IT
As marketing becomes more involved with data-driven analytics and personalization, it’s important to look to the IT organization for guidance, expertise, and best practices. The right data protection policies, processes, and training need to be prioritized and fully ingrained in business functions. At a minimum, baseline security technologies and capabilities such as encryption need to be selected, deployed and routinely tested.
Choose your partners wisely
Given the complex and dynamic nature of protecting personal data, it makes sense to minimize what you hold. For most organizations, the right course will be to partner with a technology provider focused on streamlining the handling of personal data. Some new API-based services can help deliver the information you need without saddling you with keeping and protecting sensitive data. The right solution should ensure that data is dispersed, not held centrally. It should pull information from authoritative sources. It should depend on permission from the individual for access. And it should be continuously refreshed with the latest updates.
We need these solutions in order to support the expansion of digital business. The recent Equifax breach exposed 145 million Americans to identity theft. Meanwhile, Yahoo now says all of its three billion customer accounts were compromised. Still, significant progress is possible. Equifax not withstanding, the financial services industry has long pioneered leading-edge data security strategies and technologies, making online banking and credit card transactions reliable and secure. Currently, healthcare is in the personal data hot seat as they transition to digital. Your business is next.
New and more serious threats, rising customer expectations, the expansion of our digital lives, and new technologies such as artificial intelligence and the Internet of Things mean that protecting personally identifiable data will be an ongoing challenge. Now is the time to find ways to protect your brand and your customers from data breaches, and to build relationships with the technology partners who can help you implement effective security strategies now and in the future. Giving your customers the confidence to share the details of their lives with you may already be a competitive differentiator.
Author's bio: David Thomas is the CEO of Evident ID. He is an accomplished cybersecurity entrepreneur, having held key leadership roles at market pioneers Motorola, AirDefense, VeriSign, and SecureIT. He has a history of introducing innovative technologies, establishing them in the market, and driving growth – with each early-stage company emerging as the market leader.