Whose data is it anyway?
A survey by the Chartered Institute of Marketing (CIM) found that 92% of the consumers they surveyed did not know how organisations use their personal data, and 57% don’t trust brands to use their data responsibly – their biggest concern is that data is being passed on to others without permission. IDC predicts a spend of around $32.4 billion in 2018 on the latest and greatest marketing technologies, and big data crunching is likely to be at the core of those.
Data Protection and the GDPR
So can we place our trust in these brands to keep our private stuff private and our secrets, well, secret? The EU General Data Protection Regulation (GDPR) seeks to make all European organisations adapt their business approaches, operations, and security practices to meet a minimum level of security – a good step forwards in making sure that the data we share online more often (whether we are aware of it or not) is secured and not abused by the companies we place our trust in.
Businesses are obviously keen to cash in on our individual wants and needs by learning from our online habits, including shopping, internet activity and our social media posts, shares and likes. However, CIM warns businesses that the findings of its survey need to be heard, for example by making the Terms and Conditions clearer, ensuring their staff understand the Data Protection rules, and making incoming visitors to websites feel more reassured with visual safety clues such as safe payment methods.
When is a delete not a delete?
We’ve seen a number of examples of significant data breaches in recent years, but one of them stands out because the breached company previously sold its customers the ability to have a ‘Full Delete’ of all data relevant to the customer. Hacked infidelity dating site Ashley Madison allowed users to pay $19 (£15) to erase “all traces of (their) usage”. According to several reports, including one from The Register, after paying for and using the Full Delete function, information could still be found, including:
- First and last name
- Street address and postcode
- Home, work and mobile numbers
- Answer to security question
This is all personally identifiable information (PII), which could be used in a number of nefarious and personally damaging ways including social engineering, identity theft, fraud etc. So this breach of trust – not deleting what customers have paid them to delete – is damning, especially for a business model based on keeping secrets. Business strategies increasingly depend on personal data, but organisations need to be better prepared for working in this way or else they risk losing consumer confidence and even breaking the law. Directors are losing their jobs as a result of security breaches, and shareholders have filed derivative suits with varying degrees of success, whilst regulators have made clear that they can and will enforce laws that punish companies, and their top management, for failing to adequately protect against cyber risks. Data breach is personal.