3/3/2017
11:45 AM
Steve Shoaff
Commentary

How to Use & Share Customer Data without Damaging Trust

These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run.

Consumer privacy is gearing up to make a big splash this year as people become increasingly annoyed with the way big data thefts at companies like Yahoo! are handled, and as regulators in Europe take aim at data-sharing practices. The heightened scrutiny means companies around the world will have to shore up their security. They must be more responsible about how they use and share customer data, or they risk damaging consumer trust, losing business, and even getting fined.

The drumbeat of data breaches and privacy snafus has been growing for years, and along with it the level of public discontent, and even outrage. People weren’t happy after Yahoo! announced last September that 500 million accounts were affected in a breach that happened in 2014. That backlash turned into a flood after the company reported in December that an even earlier breach, from 2013, had compromised one billion accounts — the largest data theft in history. It’s impossible to quantify, but the news about Yahoo! users cancelling accounts reached a fever pitch. We saw something similar when Spotify changed its privacy policy in August 2015 to allow access to customer contacts, photos and GPS locations and to share some data with advertisers.

Today, customers are more concerned than ever about what online companies are doing with their personal data, whether that means sharing it with a third party or securing it improperly. A global November 2016 KPMG survey found that 55% of respondents had at one point decided against buying online due to privacy concerns, and fewer than 10% feel they have control over the way organizations handle and use their personal data. The top concerns were unwanted marketing (59%), personally identifiable information (PII) sold to third parties (58%) and lack of secure systems (55%).

Against this backdrop, the European Commission is getting ready to strengthen consumer privacy regulations, and to cover international personal data transfers, with the goal of reinforcing trust and security in the digital economy. The impact of these rulings and others, including the General Data Protection Regulation (GDPR), extends beyond Europe because non-EU companies that deal with EU consumer data will have to meet these rules going forward. That will mean some serious soul searching for many online companies in the U.S. and elsewhere.

Regardless of the regulatory environment, companies should strive to maintain customer trust as a matter of course. Here are some tips for protecting consumer privacy and ensuring that customers stay customers for the long run.

  • Be transparent. Set the tone with customers early and be clear about your privacy policies and practices. Explain how you plan to share their data and provide a way for customers to easily set and change their privacy preferences. Present your privacy information using plain language and make sure it is easy to find on the website and in emails to customers.
  • Go beyond the regulations. A lot of companies will have privacy policies that adhere to regulations but don’t have strict data policies that satisfy customer needs. While regulations are evolving and becoming more stringent, there is plenty of room to define and implement policies that protect data across a wider range of potential threats and scenarios.
  • Put users in control. Today’s regulations require fine-grained data governance, while progressive policies will help in adapting to tomorrow’s regulations. Collecting customers’ digital identities and affiliated data requires robust and granular data management technologies and practices. It will only work if users can easily view and change their preferences about what types of information they want a company to have and what to keep private. Giving users opt-in or opt-out choices, and giving administrators visibility into these preferences, will help ensure they are being enforced.
  • Be careful with third parties. Companies are increasingly sharing data with third parties including advertisers, service providers or partners who provide adjunct services and products. Have data access policies in place that limit what can be shared according to criteria like vendor type, job function, geography and demographics as well as customer choices. For instance, if you’re sharing your database with a marketing firm that’s doing an email campaign, make sure they can’t access customer financial data and block access to the email addresses of customers who have opted out of emails. Some of the largest data breaches have been due to vulnerabilities in the partner ecosystem. Strong policies provide an extra layer of defense in the event of a breach or errors that violate privacy.
  • Use security best practices. Privacy and security go hand in hand; employing the strongest possible security methods is crucial. Don’t just encrypt at the endpoints; encrypt data end-to-end: where it’s stored, while it’s in transit and when it reaches its end-use point. LinkedIn learned this the hard way last year after attackers were able to steal and fairly easily decrypt data from 100 million members. Also apply security controls directly to the data so they’re enforced when data travels beyond your firewall in our distributed digital world of apps, channels and connected devices.
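
The marketing-firm scenario from the third-party tip, as an added example that is not part of the original article: a default-deny export filter that releases only the fields a vendor type is allowed, honors each customer's opt-out, and records why a record was withheld. The vendor types, field names, consent flags, regions and customer records are all constructed assumptions.

```python
# Default-deny allowlist: fields each vendor type may receive (hypothetical names).
VENDOR_ALLOWED_FIELDS = {
    "email_marketing": {"customer_id", "first_name", "email", "region"},
    "shipping_partner": {"customer_id", "first_name", "postal_address", "region"},
}
# Fields released only when the customer's matching consent flag is true.
CONSENT_GATES = {"email": "email_opt_in", "postal_address": "share_address"}
# Regions each vendor type is contracted to serve (the geography criterion).
VENDOR_REGIONS = {"email_marketing": {"US", "EU"}, "shipping_partner": {"US"}}


def export_for_vendor(customers, vendor_type, required_field=None):
    """Return (rows, audit); rows hold only the fields the policy permits."""
    allowed = VENDOR_ALLOWED_FIELDS.get(vendor_type)
    if allowed is None:
        raise PermissionError(f"no sharing policy for vendor type {vendor_type!r}")
    rows, audit = [], []
    for c in customers:
        if c["region"] not in VENDOR_REGIONS.get(vendor_type, set()):
            audit.append((c["customer_id"], "skipped: region not covered"))
            continue
        row = {}
        for field in sorted(allowed):
            gate = CONSENT_GATES.get(field)
            # A missing consent flag counts as "no": sharing is opt-in.
            if gate and not c.get("consent", {}).get(gate, False):
                continue
            if field in c:
                row[field] = c[field]
        if required_field and required_field not in row:
            audit.append((c["customer_id"], f"skipped: {required_field} withheld"))
            continue
        rows.append(row)
        audit.append((c["customer_id"], "exported: " + ",".join(row)))
    return rows, audit


# Constructed sample records; card_last4 stands in for financial data.
CUSTOMERS = [
    {"customer_id": 1, "first_name": "Ana", "email": "ana@example.com", "region": "EU",
     "card_last4": "4242", "consent": {"email_opt_in": True}},
    {"customer_id": 2, "first_name": "Ben", "email": "ben@example.com", "region": "US",
     "postal_address": "2 Oak Ave", "consent": {"email_opt_in": False, "share_address": True}},
    {"customer_id": 3, "first_name": "Chi", "email": "chi@example.com", "region": "APAC",
     "card_last4": "9999", "consent": {"email_opt_in": True}},
]

if __name__ == "__main__":
    print(*export_for_vendor(CUSTOMERS, "email_marketing", "email")[1], sep="\n")
```

The audit list gives administrators the visibility into enforced preferences that the "Put users in control" tip calls for.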

Everyone suffers when companies fail consumers by mishandling their data. That’s why the EU is moving even further in that direction. Trust can be difficult to gain but easy to lose. Without it, the very underpinnings of the internet and the future of online activity are threatened. Companies need to make customer privacy a priority, or risk losing those customers.

Steve joined Ping by way of the UnboundID acquisition, where he served as CEO and co-founder leading the company's business strategy, vision and execution. At Ping, as chief product officer, he'll continue and broaden that strategic and visionary direction. Steve previously ...