Risks and opportunities of personal data, privacy, and trust
by Joni Brennan - Kantara Initiative Executive Director - Thursday, 20 March 2014.
The increased number of stories on data breaches in the news today has many implications. For consumers, it's an increased risk of financial loss, identity theft and personal privacy erosion. For businesses, it's a loss of customer trust and a drop in revenue.

These breaches affect businesses of all kinds, from retailers like Target and Neiman Marcus to 'social' companies like Twitter and LinkedIn. The best way to prevent these disastrous events from happening is to learn from past mistakes and create proactive guidelines for both business and customers to follow.

Two previous data breaches that opened the eyes of companies and consumers are TJ Maxx and Target. In TJ Maxx's data breach, one of the largest hacks in history, the credit card numbers of 94 million customers and the personal information of 455,000 customers who returned merchandise were compromised.

Although the FTC put standards in place for TJ Maxx to follow, little was done to prevent the situation from happening in the future with other businesses. The company's subsidiary store Winners in Canada prompted a thorough investigation by the Canadian Privacy Commissioner. The Commissioner came to a resounding conclusion: the companies collected too much personal data from their consumers, and they didn't take the necessary steps to protect it. The Commissioner put guidelines in place that included details like what information could be collected and how long a company may hold that information.

Furthermore, the office of the Privacy Commissioner put a set of guidance tools in place to help businesses and consumers learn how to protect personal data. The guidance includes:
  • Collecting only the personal information necessary for the particular purpose
  • Creating several layers of security around risk management, security policies, human resources security, physical security and technical security.

Another data breach, one that affected 70-100 million customers, is Target's. The company again collected and stored too much of its customers' personal data, giving hackers a pool of personal data to misuse. Target reported that the widespread theft of its customers' data had a significant impact on the company in the fourth quarter, with profit decreasing by more than 40 percent compared with the previous year. These data breaches prove that establishing tools and objectives is difficult, but not impossible. Businesses must be proactive with the policies they put in place, not only to secure their current patrons but also to protect their revenue.

There is one practice, called data minimization, that both businesses and customers can engage in. Data minimization means collecting the least amount of data needed to perform a function. From a patron's perspective, this means being choosy about what personal information they provide, whether it's full name, email address, telephone number or home address; just because a business asks for it doesn't mean you need to provide it. Users can think about the value of their data before making this exchange for sales and services. For businesses, it means only asking for the data that is essential to complete the given task.

