Protecting consumer identity and preventing data loss and leakage are the new brand protection priorities facing large organisations today as consumers become increasingly concerned over identity cloning, theft and fraud, according to personal records management specialists, PAOGA Ltd.
The company believes that consumers are getting increasingly anxious about the amount of detailed information about them that is scattered on numerous databases held by various public and private organisations. With high profile scandals revealing significant volumes of sensitive, personal data being accessed, stolen or misplaced, PAOGA argues that organisations are realising that they have both a legal responsibility and a moral duty to protect the identity of their customers.
“In recent years, lack of compliance and accounting scandals were the most prevalent means of damaging a brand, as evidenced by the likes of Andersen and Enron,” says Graham Sadd, CEO of PAOGA Ltd.
“Today, its consumer concern over identity fraud. Large multi-national organisations with hundreds of thousands of customers have become sitting ducks for hackers and identity thieves, particularly with regards to billing information.”
To support its claims, PAOGA points to an AOL engineer who allegedly stole the identity of a fellow employee to gain access to the company’s list of 93 million member screen names, which also included private information such as telephone numbers, post codes, and the types of credit cards customers use to pay AOL bills.
In addition, in February this year, criminals gained access to ChoicePoint’s massive database of consumer information, gaining the personal identity details on 145,000 people. Thieves used previously stolen identities to create what appeared to be legitimate businesses seeking ChoicePoint accounts, opening 50 accounts and receiving volumes of data on consumers, including names, addresses, Social Security numbers and credit reports.
“Data loss and identity theft doesn’t just happen at the individual level,” adds Sadd. “Unscrupulous criminals are also targeting groups. Bank of America lost computer tapes containing credit card information that exposes some of the most powerful men and women in the US to identity theft -- or worse.
"The tapes contain the personal financial information, Social Security numbers, home addresses and phone numbers of more than 60 U.S. senators as well as employees of more than two dozen federal agencies, including the three main military branches, NASA, the Department of Energy and the Department of Justice.”
The UK Data Protection Act which provides individuals with certain rights over their personal data including the right to view, correct, update and, in certain cases, delete information held about them. However, realistically, few of us have a clue where this data is held so exercising our rights is impractical if not impossible. More so when you start adding up how many separate organisations have collected such data.
In addition to government departments, think of all of the forms you have filled in during the past year, the questionnaires, the credit, loyalty and membership cards you have in your wallet. Every one represents a huge database in which you are an entry. And these are only the ones that you know about. There are also disreputable firms who ‘trade’ such data which is why individuals end up receiving junk mail and spam from organizations that they have never heard of.
“I believe a brand backlash against irresponsible companies is inevitable,” added Sadd. “Customers will be looking at the way suppliers address security and respect personal data in the future and, as the evidence of abuse and the financial consequences become more understood then this will become a key decision factor in choice of suppliers. This could significantly change the competitive landscape and we are already seeing companies using security as a brand differentiator.”
PAOGA believes that the legal responsibility for a person’s data should be devolved back to the individual through the use of Personal Data Vaults which would shift the ownership, management and control of individual data from internal company databases and CRM systems back to the individual.
“Individuals can then grant access to their data to trusted third parties on a permissions only basis, such as GPs, solicitors and employers, acting as ‘Data Guardians,’ but not actually having the legal responsibility for maintaining the data,” adds Sadd. “The individual retains control, management and ultimately the access of their own data.
"Typically, fifty percent of an organisation’s HR resources are spent collecting, storing and protecting data it doesn’t own, which is simply financially inefficient and an unnecessary overhead. These costs, combined with the tidal wave of EU and UK legislation require a collaborative process to facilitate data compliance in both the public and private sectors.”
In October 2004, the UK Government’s Better Regulation Task Force revealed that red tape is costing British businesses more than £100 billion per annum and compliance is now one of the fastest growing industries in Britain with some experts suggesting it employs 40,000 people.