
3/3/2017
11:45 AM
Steve Shoaff
Commentary

How to Use & Share Customer Data without Damaging Trust

These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run.

Consumer privacy is gearing up to make a big splash this year as people become increasingly annoyed with the way big data thefts at companies like Yahoo! are handled and regulators in Europe take aim at data sharing practices. The heightened scrutiny means companies around the world will have to shore up their security. They must be more responsible about their customer data use and sharing or they could risk damaging consumer trust, losing business, and even getting fined.

The drumbeat of data breaches and privacy snafus has been growing for years, and along with it the level of public discontent, and even outrage. People weren’t happy after Yahoo! announced last September that 500 million accounts were affected in a breach that happened in 2014. That backlash turned into a flood after the company reported in December that an even earlier breach, from 2013, had compromised one billion accounts — the largest data theft in history. It’s impossible to quantify, but the news about Yahoo! users cancelling accounts reached a fever pitch. We saw something similar when Spotify changed its privacy policy in August 2015 to allow for access to customer contacts, photos and GPS locations and share some data with advertisers.

Today, customers are more concerned than ever about what online companies are doing with their personal data, whether it’s sharing it with a third party or improperly securing it. A global November 2016 KPMG survey found that 55% of respondents had at one point decided against buying online due to privacy concerns, and fewer than 10% feel they have control over the way organizations handle and use their personal data. The top concerns were unwanted marketing (59%), personally identifiable information (PII) sold to third parties (58%), and lack of secure systems (55%).

Against this backdrop, the European Commission is getting ready to strengthen consumer privacy regulations, and cover international personal data transfers, with the goal of reinforcing trust and security in the digital economy. The impact of these rulings and others, including the General Data Protection Regulation (GDPR), extends beyond Europe because non-EU companies that deal with EU consumer data will have to meet these rules going forward, which will mean some serious soul searching for many online companies in the U.S. and elsewhere.

Regardless of the regulatory environment, companies should strive to maintain customer trust as a matter of course. Here are some tips for protecting consumer privacy and ensuring that customers stay customers for the long run.

  • Be transparent. Set the tone with customers early and be clear about your privacy policies and practices. Explain how you plan to share their data and provide a way for customers to easily set and change their privacy preferences. Present your privacy information using plain language and make sure it is easy to find on the website and in emails to customers.
  • Go beyond the regulations. A lot of companies will have privacy policies that adhere to regulations but don’t have strict data policies that satisfy customer needs. While regulations are evolving and becoming more stringent, there is plenty of room to define and implement policies that protect data across a wider range of potential threats and scenarios.
  • Put users in control. Today’s regulations require fine-grained data governance, while progressive policies will help in adapting to tomorrow’s regulations. Collecting customers’ digital identities and affiliated data requires robust and granular data management technologies and practices. It will only work if users can easily view and change their preferences about what types of information they want a company to have and what to keep private. Empowering users with opt-in or opt-out choices, and giving administrators visibility into these preferences, will help ensure they are being enforced.
  • Be careful with third parties. Companies are increasingly sharing data with third parties including advertisers, service providers or partners who provide adjunct services and products. Have data access policies in place that limit what can be shared according to criteria like vendor type, job function, geography and demographics as well as customer choices. For instance, if you’re sharing your database with a marketing firm that’s doing an email campaign, make sure they can’t access customer financial data and block access to the email addresses of customers who have opted out of emails. Some of the largest data breaches have been due to vulnerabilities in the partner ecosystem. Strong policies provide an extra layer of defense in the event of a breach or errors that violate privacy.
  • Use security best practices. Privacy and security go hand in hand; employing the strongest possible security methods is crucial. Don’t just encrypt at the endpoints; encrypt data end to end: where it’s stored, while it’s in transit, and when it reaches its end-use point. LinkedIn learned this the hard way last year after attackers were able to steal and fairly easily decrypt data from 100 million members. Also apply security controls directly to the data so they’re enforced when data travels beyond your firewall in our distributed digital world of apps, channels and connected devices.
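
The third-party tip above (a marketing firm that must not see financial data or the addresses of customers who opted out of email) can be enforced in the export path itself. The following is an added example, not code from the article or from any product; the policy table, field names, consent flag and sample records are all hypothetical and constructed for illustration.

```python
# Hypothetical sharing policies: default-deny, keyed by partner type.
POLICIES = {
    "email_marketing": {
        "fields": {"customer_id", "first_name", "email"},  # no financial data
        "consent": "email_opt_in",   # record shared only if this flag is True
        "regions": {"US", "CA"},     # geography limit for this vendor type
    },
}

# Constructed sample records.
CUSTOMERS = [
    {"customer_id": "A1", "first_name": "Ana", "email": "ana@example.com",
     "region": "US", "card_last4": "4242", "consent": {"email_opt_in": True}},
    {"customer_id": "B2", "first_name": "Ben", "email": "ben@example.com",
     "region": "US", "card_last4": "1111", "consent": {"email_opt_in": False}},
    {"customer_id": "C3", "first_name": "Cy", "email": "cy@example.com",
     "region": "US", "card_last4": "2222", "consent": {}},  # never asked
    {"customer_id": "D4", "first_name": "Dee", "email": "dee@example.com",
     "region": "DE", "card_last4": "3333", "consent": {"email_opt_in": True}},
]


def export_for_partner(customers, partner_type, policies=POLICIES):
    """Return only the records and fields the policy allows for this partner."""
    policy = policies.get(partner_type)
    if policy is None:
        # No policy means no sharing, rather than sharing everything.
        raise PermissionError(f"no sharing policy for {partner_type!r}")
    shared = []
    for c in customers:
        if c.get("region") not in policy["regions"]:
            continue
        # Missing or non-True consent is treated as opted out.
        if c.get("consent", {}).get(policy["consent"]) is not True:
            continue
        # Allowlist projection: fields not named in the policy never leave.
        shared.append({k: v for k, v in c.items() if k in policy["fields"]})
    return shared


if __name__ == "__main__":
    for row in export_for_partner(CUSTOMERS, "email_marketing"):
        print(row)
```

Because the field list is an allowlist, a column added to the customer table later stays private until someone explicitly adds it to a partner's policy.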

Everyone suffers when companies fail consumers by mishandling their data. That’s why the EU is moving even further in that direction. Trust can be difficult to gain but easy to lose. Without it, the very underpinnings of the internet and the future of online activity are threatened. Companies need to make customer privacy a priority, or risk losing those customers.


Steve joined Ping by way of the UnboundID acquisition, where he served as CEO and co-founder leading the company's business strategy, vision and execution. At Ping, as chief product officer, he'll continue and broaden that strategic and visionary direction. Steve previously ...