Enterprises must re-consider the validity of data collection


The confession from Sony that the personal details of more than 70 million PlayStation Network and Qriocity customers have been obtained illegally by an "unauthorised person" is yet again an unfortunate instance of security policy failing. Worryingly, these instances are now commonplace and enough simply isn’t being done to pre-empt such situations. Sony’s story joins the now countless high-profile data losses on the part of government and large corporations that are serving to heighten public interest in data protection and information security generally. Customers are clearly at the core of business concern. They are now more than ever aware of their personal risks and are becoming increasingly savvy about what to do to mitigate them. They need to be confident in the security of business practice if they are going to be confident in the organisation.

In this digital age, given the increasing levels of cybercrime targeting rich customer data for financial gain, businesses need to take a step back and ponder whether they are moving into an economically healthy online age or whether the losses from lawsuits and damaged reputation, such as in this latest instance with Sony, will ultimately cripple organisations’ growth in the long term. At the core of the issue, enterprises need to re-consider the validity of data collection and accessibility. Marketing departments are perhaps the most obvious example of the need to review the amount and type of information they gather, how it is gathered, and how widely it becomes available. Marketing organisations have never been more effective at gathering information, profiling and targeting their customers, which is a great benefit to the business. However, marketing managers must also think hard about what their processes communicate to their customers - do marketing campaigns, for example, suggest that sensitive customer or even account data is being shared widely across the organisation, or worse, with the outsourced call centres? Can they justify to customers what information they are working with and why?

Personally I find it difficult to understand why an online restaurant reservations company needs much more than my name and a phone number when it takes a dinner reservation. They must recognise that when savvy customers object, business is lost.

The review should not be limited to marketing. Companies should consider whether data needs to be stored permanently or whether it can be held temporarily. Authentication is a clear example of where the data usage requirement can be temporary.

Trust is both a logical and emotional achievement that is difficult to develop and all too easy to lose. Data loss and identity theft are now a mainstream concern. People are alarmed by the enormity of the potential loss to them, with emotional distress over such incidents having the potential to damage customer relationships permanently. Any company or government office wishing to transact online, even those with the most comprehensive and effective security measures in place, must now also invest in assuring confidence in these measures. In the digital age, customers who believe you value their data, and understand what you are doing to protect it, are more likely to believe you value them.

The task ahead is not insignificant. Philosophically, information security, traditionally an IT discipline, must evolve into a broad management concern, while security must become an integral consideration in the innovative development process. Clearly part of the challenge will be for organisations to understand how much to invest in this effort. Years of investment have successfully moved them to the cost-effective cashless online services and processes that now underpin core operations. They must be guided by their dependency on a healthy digital age.

Posted by John Colley, Managing Director, (ISC)2 EMEA
