Today’s businesses are data driven, the information compiled from consumers is a valuable commodity. Unfortunately, often businesses are liberal with the information they derive, however they do not always necessarily take due care in protecting this data.
There are many ways some businesses do not take care of customer information, here are a few areas in which these companies may be lacking:
• Lack of security
Security is a costly investment for a business, but it does not produce any revenue, so information security is sometimes cast aside as a lower priority in favor of other processes such as sales and marketing, especially if budgets are limited.
While nowadays information security is taken more seriously than it had been in the past, unfortunately many business still do not, or cannot, exercise care in providing adequate security for consumer data.
Data breaches are a common occurrence, either through accidental exposure or through exploitive methods employed by hackers. A business that does not tighten their internal security measures and vigorously maintain these processes put their customers and/or other consumers at risk.
This isn’t to say a breach can’t happen to a protected company, it’s simply the risks are higher for those that do not employ adequate security measures.
• Lazy disposal of data
This is connected to lack of security, but some businesses are even more careless with their customers’ data. It is one thing to either not understand security, but it is another to be reckless with data.
Consider the bank that allegedly dumped their trash without shredding documents. For one family, this recently led to suspected identity theft. To prove the incident, a family member of the alleged victim went to the bank’s dumpsters and was astonished to find documents in the bin that included names, addresses, bank account and routing information; even employee schedules and bank opening procedures were reportedly carelessly tossed away.
This incident poses the question, how many other entities do the same?
• Sharing with third parties
This is a sticky one because many people agree to this term and may not even be aware they’ve granted permission for their data to be shared. Most businesses these days protect themselves by including information sharing requirements in their terms of service or contractual agreements.
These terms are often, except where required by law, in favor of the business. It is lucrative for companies to be able to share information with affiliates, partners and other entities. Consumers that do not read their terms carefully may be surprised down the road to hear their information has been sold or given to other companies.
• Collect more than needed
Businesses do need to collect a level of customer data in order to process transactions, and often in exchange for certain perks, companies collect additional data to entice consumers to share even more information.
Consumers that want to protect themselves should limit the amount of data given and, if you feel information isn’t necessary to do business, question why it is being collected. For instance, many medical offices frequently ask patients for Social Security numbers. Many insurance companies no longer use SSNs as identifiers and are not needed in order to process claims, so this is not-needed information, but it’s still of value to a business.
Patients that leave this field blank on forms are often not questioned, yet some doctors’ offices will still keep this field on the form. Bottom line, question any information asked for by a business, and/or if any type of request makes you feel uncomfortable.
Businesses today have a responsibility to protect consumer data. There are some laws in the U.S., such as HIPAA, that require due care (in this instance the law relates to the medical industry). Additionally, there are frequently suggested laws that go through the legislative process to address consumer data protection. However, it is important to keep in mind that technology progresses much faster than the legal process and it is difficult for laws to keep up the same pace. Many businesses do exercise care in protecting consumer data, but there are still too many that do not employ adequate protection.
Consumer data is valuable and businesses strive to collect it, but may or may not work hard to protect this asset.