Do you have a policy about customer data?


I recently returned from an IT security-focused conference in Hawaii (first time ever in Hawaii) where I asked the people attending, “How many of your organizations have a policy in place about protecting customer data.”

– Three people out of a hundred in the room raised their hand.

Not being sure whether they heard me or not, I repeated the question, just to be sure.– Only three hands were visible out of a hundred people.Other than being dumbstruck by such a small response, the results are scary, especially considering all of the events that have occurred in the past year.  I thought that protecting customer data would have become an autonomic “OOMMM ……. we shall not lose customer data ….. OOMMM” mantra that everyone could salute.Apparently, the protection of customer data has not yet become a major issue, or not enough of one that it registered among the organizations of the attendees at this conference.  Funny, but I always thought IT security was ultimately about the integrity, availability – and yes confidentiality – of data.The practical experience of firms that have lost customer data, and the documented research findings (see, make it abundantly clear: the loss of customer data costs reputations, customers, and money: lots of money.So my question remains:
Does your firm have a policy in place that says, “We will not lose – nor have stolen – customer data?”

Jim Hurley


One Response to “Do you have a policy about customer data?”

  1. edickson Says:

    I’m amazed at the result of the question regarding having a policy to protect information. Especially considering all the recent (very public) data breaches in the past year.

    Having a stated policy involves everyone on the team in the effort of protecting information. If done properly, it goes a long way towards educating everyone why it is important.

    When I say everyone, this can refer to an organization’s customers, also.

    In fact, employees who don’t know any better often compromise information. One recent example of this would be the employees of a Nuclear Research Facility that fell for a phishing scheme and downloaded malware.

    Once in awhile, I deal with a customer who has had their information stolen.

    They are normally very angry, or at least the ones who make it to me are.

    All of us need to remember that consumer trust is one of the key principles of building any successful business.

    My ability to convince these people that information security is taken very seriously (and sometimes assisting them in reaching out for help) goes a long way towards rebuilding a customer’s trust in our organization.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: