Protecting consumer identity and preventing data loss
and leakage are the new brand protection priorities facing large
organisations today as consumers become increasingly concerned over
identity cloning, theft and fraud, according to personal records
management specialists, PAOGA Ltd.
The company believes that consumers are getting increasingly
anxious about the amount of detailed information about them that is
scattered on numerous databases held by various public and private
organisations. With high profile scandals revealing significant
volumes of sensitive, personal data being accessed, stolen or
misplaced, PAOGA argues that organisations are realising that they
have both a legal responsibility and a moral duty to protect the
identity of their customers.
“In recent years, lack of compliance and accounting scandals
were the most prevalent means of damaging a brand, as evidenced by
the likes of Andersen and Enron,” says Graham Sadd, CEO of PAOGA
Ltd.
“Today, its consumer concern over identity fraud. Large
multi-national organisations with hundreds of thousands of
customers have become sitting ducks for hackers and identity
thieves, particularly with regards to billing information.”
To support its claims, PAOGA points to an AOL engineer who
allegedly stole the identity of a fellow employee to gain access to
the company’s list of 93 million member screen names, which also
included private information such as telephone numbers, post codes,
and the types of credit cards customers use to pay AOL bills.
In addition, in February this year, criminals gained access to
ChoicePoint’s massive database of consumer information, gaining the
personal identity details on 145,000 people. Thieves used
previously stolen identities to create what appeared to be
legitimate businesses seeking ChoicePoint accounts, opening 50
accounts and receiving volumes of data on consumers, including
names, addresses, Social Security numbers and credit reports.
“Data loss and identity theft doesn’t just happen at the
individual level,” adds Sadd. “Unscrupulous criminals are also
targeting groups. Bank of America lost computer tapes containing
credit card information that exposes some of the most powerful men
and women in the US to identity theft -- or worse.
"The tapes contain the personal financial information, Social
Security numbers, home addresses and phone numbers of more than 60
U.S. senators as well as employees of more than two dozen federal
agencies, including the three main military branches, NASA, the
Department of Energy and the Department of Justice.”
The UK Data Protection Act which provides individuals with
certain rights over their personal data including the right to
view, correct, update and, in certain cases, delete information
held about them. However, realistically, few of us have a clue
where this data is held so exercising our rights is impractical if
not impossible. More so when you start adding up how many separate
organisations have collected such data.
In addition to government departments, think of all of the forms
you have filled in during the past year, the questionnaires, the
credit, loyalty and membership cards you have in your wallet. Every
one represents a huge database in which you are an entry. And these
are only the ones that you know about. There are also disreputable
firms who ‘trade’ such data which is why individuals end up
receiving junk mail and spam from organizations that they have
never heard of.
“I believe a brand backlash against irresponsible companies is
inevitable,” added Sadd. “Customers will be looking at the way
suppliers address security and respect personal data in the future
and, as the evidence of abuse and the financial consequences become
more understood then this will become a key decision factor in
choice of suppliers. This could significantly change the
competitive landscape and we are already seeing companies using
security as a brand differentiator.”
PAOGA believes that the legal responsibility for a person’s data
should be devolved back to the individual through the use of
Personal Data Vaults which would shift the ownership, management
and control of individual data from internal company databases and
CRM systems back to the individual.
“Individuals can then grant access to their data to trusted
third parties on a permissions only basis, such as GPs, solicitors
and employers, acting as ‘Data Guardians,’ but not actually having
the legal responsibility for maintaining the data,” adds Sadd. “The
individual retains control, management and ultimately the access of
their own data.
"Typically, fifty percent of an organisation’s HR resources are
spent collecting, storing and protecting data it doesn’t own, which
is simply financially inefficient and an unnecessary overhead.
These costs, combined with the tidal wave of EU and UK legislation
require a collaborative process to facilitate data compliance in
both the public and private sectors.”
In October 2004, the UK Government’s Better Regulation Task
Force revealed that red tape is costing British businesses more
than £100 billion per annum and compliance is now one of the
fastest growing industries in Britain with some experts suggesting
it employs 40,000 people.