Aug
14
2012

Data breaches — How will your company retain the confidence of your customers?

Stolen passwords, stolen credit card numbers, stolen identity information: Open any newspaper or news service, and quickly you can find a cybercrime having been committed against large, and now increasingly, midsize companies.

When this happens to your company, do you have a crisis plan in place, from mandatory letters to proactive public relations?

In a recent study by the Ponemon Institute, 72 percent of consumers who recall receiving a data breach notification letter expressed dissatisfaction with it. That feeling can directly translate into dissatisfaction with the company that sent the letter.

Read a recent article by Experian Data Breach Resolution, which can help your company improve upon the customer experience in the event that a confidence-busting data breach occurs.

Do you think you’re not a target for criminal data attacks because you’re not the size of Yahoo! or LinkedIn? The FCC recently released tips for small businesses, in response to an increasing number of criminal attempts and activity around small and midsize companies.

Given that in 2010, for the 11th year in a row, the overwhelming top consumer complaint to the FTC was identity theft, how you take action can help you regain the trust of your customers. The FTC advises organizations that handle Personally Identifiable Information (PII) to adhere to the following easily controllable measures:

  • Take stock. Know what personal information you have in your files and on your computer. Understand how personal information moves into, through and out of your business and who has access or could have access to it.
  • Scale down. Keep only what you need for your business. That old business practice of holding on to every scrap of paper is “so 20th century.” These days, if you don’t have a legitimate business reason to have sensitive information in your files or on your computer, don’t keep it.
  • Lock it. Protect the information you keep. Be cognizant of physical security, electronic security, employee training, and the practices of your contractors and affiliates.
  • Pitch it. Properly dispose of what you no longer need. Make sure papers containing personal information are shredded, burned or pulverized so they can’t be reconstructed by an identity thief.
  • Plan ahead. Draft a plan to respond to security incidents. Designate a senior member of your team to create an action plan before a breach happens.

As customers become more knowledgeable as to how their personal information is being collected and stored and by whom, more scrutiny and legal action will become the norm, and expectations from customers will continue to grow.


  1. No comments yet.

  1. No trackbacks yet.