|Privacy, Data Protection and Security|
|Sunday, 30 March 2014 16:09|
At the height of last year’s Christmas shopping season, Target reported that some 40 million credit and debit cards were exposed to a possible data breach. The resulting breach led to fraudulent transactions and unprecedented customer data exposure. The U.S. Senate Commerce Committee launched an investigation aimed at understanding the breach and they released the results of this inquiry last week.
The Senate's findings can be summarized in two points: (1) Target allowed a vendor access to its network without proper due diligence and (2) Target failed to act on their own data security systems’ alerts. Target’s systems were compromised as a result of a vendor’s access to their network. Simply put, the small business did not have the proper security program to protect itself from hacking and was ultimately exploited in efforts to breach Target.
Unfortunately, the hacks, coupled with Target’s failure to follow through on its own data security system, were not acted on until the Department of Justice notified them of the breach. The technology revolution has changed the world, as it has retail as we know it. Information formerly stored in secure warehouses is now somewhere in the ether, forcing small and large businesses to begin to think about how to protect their information and ultimately their reputations from hackers.
In short, Good privacy is good business. Good privacy practices are a key part of corporate governance and accountability. One of today’s key business imperatives is maintaining the privacy of personal information.
As business systems and processes become increasingly complex and sophisticated, organizations are collecting growing amounts of personal information. As a result, personal information is vulnerable to a variety of risks, including loss, misuse, unauthorized access, and unauthorized disclosure. Those vulnerabilities raise concerns for organizations, governments, and the public in general.
Organizations are trying to strike a balance between the proper collection and use of their customers’ personal information. Governments are trying to protect the public interest and, at the same time, manage their cache of personal information gathered from citizens.
Consumers are very concerned about their personal information, and many believe they have lost control of it. Furthermore, the public has a significant concern about identity theft and inappropriate access to personal information, especially financial and medical records, and information about children.
Individuals expect their privacy to be respected and their personal information to be protected by the organizations with which they do business. They are no longer willing to overlook an organization’s failure to protect their privacy. Therefore, all businesses need to effectively address privacy as a risk management issue.