These breaches affect businesses of all kinds, from retailers like Target and Neiman Marcus to 'social' companies like Twitter and LinkedIn. The best way to prevent these disastrous events from happening is to learn from past mistakes and create proactive guidelines for both businesses and customers to follow.
Two previous data breaches that opened the eyes of companies and consumers are those at TJ Maxx and Target. In TJ Maxx's data breach, one of the largest hacks in history, the credit card numbers of 94 million customers and the personal information of 455,000 customers who returned merchandise were compromised.
Although the FTC put standards in place for TJ Maxx to follow, little was done to prevent the situation from happening in the future with other businesses. The company's subsidiary store Winners in Canada prompted a thorough investigation by the Canadian Privacy Commissioner. The Commissioner came to a resounding conclusion: the companies collected too much personal data from their consumers, and they didn't take the necessary steps to protect it. The Commissioner put guidelines in place that included details like what information could be collected and how long a company may hold that information.
Furthermore, the office of the Privacy Commissioner put a set of guidance tools in place to help businesses and consumers learn how to protect personal data. The guidance includes:
- Collecting only personal information necessary for the particular purpose
- Creating several layers of security around risk management, security policies, human resources security, physical security and technical security
There is one practice, called data minimization, that both businesses and customers can engage in. Data minimization means collecting the least amount of data needed to perform a function. From a patron's perspective, this means being choosy about what personal information they provide, whether it's a full name, email address, telephone number or home address; just because a business asks for it doesn't mean you need to provide it. Users can think about the value of their data before making this exchange for sales and services. For businesses, it means asking only for the data that is essential to complete the given task.