Are you in control of your customer data?

1 September 2021


An Entrust survey found that 79% of adults are at least somewhat concerned about their data privacy and 64% said their concern or awareness about data privacy has increased over the past 12 months.  

With consumer happiness and trust impacting bottom lines, customer concerns become business concerns.

From the UK Government’s Cyber Security Breaches Survey, 39% of businesses reported having cyber security breaches or attacks in the last twelve months. As in previous years, this is higher among medium businesses (65%) and large businesses (64%). This increase can be attributed to the introduction of remote working arrangements in response to the COVID-19 pandemic.

This increase in the number of data breaches and cyberattacks underlines how valuable the personal data of your customers held in your systems is.

To protect your data from misuse, your organisation is required to maintain Personally Identifiable Information (PII) data compliance.

What is Personally Identifiable Information?

Personally identifiable information (PII) is information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (e.g., passport information) that can identify a person uniquely, or quasi-identifiers (e.g., race) that can be combined with other quasi-identifiers (e.g., date of birth) to successfully recognise an individual.

Non-PII data can become PII whenever additional information is made publicly available. For example, someone’s date of birth by itself is not PII, but combined with other similar data it could be considered PII.

Data protection laws for Personally Identifiable Information

To protect consumers, many countries and regions have implemented data protection laws that provide guidelines for businesses collecting, storing and sharing customers’ personal information.

These guidelines set out the obligations an organisation has for the information they collect, ensuring data is stored in a secure manner, used only for the purpose it was collected, and ensuring data is not shared if its protection cannot be guaranteed.

European Union
The General Data Protection Regulation (GDPR) requires businesses in the EU to comply with data governance practices. Any business established in the EU and any business that processes or controls personal data and offers goods and services to individuals in the EU, is regulated by the GDPR.

UK
Before Brexit, UK businesses were regulated under the GDPR. If you operate in the UK or deal with UK consumers, you now need to comply with the UK GDPR under the Data Protection Act 2018 (DPA 2018). There is little change to the core data protection principles, rights and obligations, as the provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR.

Adopting Personally Identifiable Information compliance

Are you aware of the location of PII and how it’s linked in your system to specific individual customers?

An IDG Research Services survey commissioned by Insight Enterprises found that only 57% of organisations conducted a data security risk assessment in 2020.

It’s essential that you have your PII under control and secure to avoid the risk of unnecessary reputational damage and potential fines. You need to have access to a full review of data across your systems, software, and tools, called data mapping.

Why should you take customer privacy seriously?

Customer privacy is a complex issue for your business and for your customers. It can seem daunting and expensive to set up systems to protect your customers’ PII, keep them up to date, and openly and clearly communicate your data processes to your customers.

It’s no longer enough to simply secure your data as it can affect your business in three ways:

So, how can you respect the privacy of your customers?

Use the ‘golden rule of data privacy’ – treat your customers’ and prospects’ data the way you would like your own personal data to be treated – as a strong foundation for your security and data handling:

What about data security with your business partners?

In business, where collaboration through partners has become popular, it’s critical to question how your partners treat your customer data. A partner includes any outside organisation that has access to your systems and PII – from service providers such as brand and marketing strategists, or data and analytics partners, to certified app developers for conversion optimisation or fraud and risk management.

You are looking for partners that have the same level of respect and transparency for customer data as your organisation. It’s important that your partners, especially if located in a different country, follow the required PII compliance when they gather, store and link your data in their systems. More information can be found in the UK GDPR.

What are some of the security tools to safeguard your customers’ PII?

Just like you, etika takes PII seriously. We use a range of measures and reasonable steps to protect our clients’ personal information from misuse, loss and unauthorised access, modification and disclosure.

Data security practices are changing all the time, but can include the following technologies.

Data Discovery and Classification – this is where all data is classified in accordance with its value to the organisation, to reduce the risk of improper exposure.

Data Encryption – using a combination of hardware and software-based data encryption to secure data before it is written to the SSD.

Data Loss Prevention (DLP) – preventing data from leaving the corporate network.

Dynamic Data Masking – real-time masking of data so that the requestor does not get access to the sensitive values, while no changes are made to the original stored data.

User & Entity Behaviour Analytics (UEBA) – a complex technology for baselining normal activity and spotting suspicious variations before a breach occurs.
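As an added illustration of the classification and dynamic masking items above (example code written for this post, not etika’s own tooling): each field of a constructed customer record is classified as a direct identifier, a quasi-identifier or non-PII, and a role-based policy masks values at read time while the stored record is left unchanged. The field names, roles and masking rules are assumptions for the example.

```python
import copy

# Constructed sample record; every value is made up for this example.
CUSTOMER = {
    "customer_id": 1042,
    "email": "alice.example@example.org",
    "passport_no": "X1234567A",
    "date_of_birth": "1988-04-12",
    "postcode": "SW1A 1AA",
    "order_total": 59.99,
}

# Data classification: direct identifiers and quasi-identifiers;
# fields not listed here are treated as non-PII.
CLASSIFICATION = {
    "email": "direct",
    "passport_no": "direct",
    "date_of_birth": "quasi",
    "postcode": "quasi",
}

# Which classes are masked for each (assumed) role. An unknown role
# falls back to masking everything (default deny).
MASK_POLICY = {
    "admin": set(),
    "support": {"direct"},
    "analyst": {"direct", "quasi"},
}

def mask_value(field, value):
    """Return a masked representation of one field value."""
    if field == "email":
        local, _, domain = value.partition("@")
        return local[0] + "***@" + domain
    if field == "passport_no":
        return "*" * (len(value) - 2) + value[-2:]
    if field == "date_of_birth":
        return value[:4] + "-**-**"        # keep birth year only
    if field == "postcode":
        return value.split()[0] + " ***"   # keep outward code only
    return "***"

def masked_view(record, role):
    """Dynamic masking: build a per-request view; the stored record is untouched."""
    view = copy.deepcopy(record)
    masked_classes = MASK_POLICY.get(role, {"direct", "quasi"})
    for field, cls in CLASSIFICATION.items():
        if field in view and cls in masked_classes:
            view[field] = mask_value(field, view[field])
    return view
```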

Our tips for finding an eCommerce data security provider
From the IDG Research Services survey commissioned by Insight Enterprises, only 27% of respondents expanded security staff in 2020. If your technical team is already pushed to its limit, you may be considering an external organisation for data security.  

Here are some factors to consider when choosing a data security provider:

There’s no hiding from cybersecurity in the eCommerce world. Protecting your customers’ data should be top priority for your business and the responsibility of everyone in the company.
