It’s hardáto say how many data breaches fall into the category of custodial carelessness (government laptops stolen), provider carelessness (consumers handing out their social security numbers to anyone who asks for them), or maliciousness (outright data theft for financial gain, on any scale – see “Certegy’sáID breach lost 8.5 million names” on p.4 ).
But consumers don’t always differentiate between these. No matter how their information was disseminated to audiences the consumer did not foresee or intend, it’s still a violation to them.
Whose responsibility is it to educate consumers about the best practices for keeping their world secure? There are so many contradictory practices in place that it’s hard to know whom needs what information. My doctor has only just stopped trying to identify patients who call in with their SSNs, as enough of us objected. Now, they search for my records by – in a masterstroke of simplicity – my name and address. But someone shipping personal goods from one country to another will be required, by law, to provide a body of information that seems onerous at best, and compromising at worst.
To that end, government agencies have been given until September 22 to come up with a plan to secure the swathes of data it has on Americans. Whatever the solutions are, that’s only the first salvo in the battle. The far greater challenge will be a consumer-education effort. While the White House objective is directed at consumer data held by government agencies, it would be prudent for any such effort to take a broader brush to the issue and educate consumers about data in general – when it’s safe to give certain information to certain parties, what checks to make, and when to draw the line.
Complicating matters is the quantity of data consumers willingly submit to companies during the two-way marketing and purchasing process. E-commerce naturally requires sufficient information from consumers to potentially lead to fraud, yet consumers have embraced online shopping. The privacy policies of individual online retailers – and how they’re stated – go some way in giving consumers a sense of security, of course. (In fact, Bob Gellman on p.13 this week has written in more detail about the psychological effect sites’ security policies have on consumer buying patterns.)
But consumers also give up a lot of information in other marketing environments, not just ones in which a financial transaction takes place. We all know the consumer is increasingly savvy; a great number of them understand that the more information they give up about their lifestyle preferences, the richer the relationship they will have with brands – from getting coupons to being identified as an influencer and being let into the brand’s inner circle.
With today’s plethora of technologies that can link together all of the touchpoints a consumer has with a brand, all it takes is one transaction, one simple credit-card purchase, say, for this relationship to be violated beyond repair. In last week’s issue, Mark Pribish of Merchants Information Solutions said the average cost of a data breach is $182 per lost record. Can you afford that?