Hackers. They steal and sell data, especially at the point of sale and during customer acquisition periods. No customer wants their personally identifiable information (PII) floating around loose in the world, especially when they shared it with a company that maintains a trusted reputation. Likewise, your company wants to do its utmost to protect your customers' information and ensure maximum trust in your corporate brand.
All companies who deal with data must be constantly vigilant to this type of fraud as a critical part of its corporate security protocol and brand integrity strategy. Moreover, customer data incursions are common and costly. Javelin Strategy & Research estimates that new account fraud will soar 44 percent between 2014 and 2018, rising from $5 billion in annual losses to a projected $8 billion.
For example, a large utility company, like other companies who take in and retain data of account applicants and customers, was searching for the best possible position to help protect and safeguard its customer information. Like many utility providers, this company used credit data for customers applying for service, and wanted a way to mitigate risks associated with a potential data incursion, but did not want to encrypt that information. After considering options, they took a bold approach and completely rid their systems of valuable PII. As such, if someone with malicious intent tried to access their systems, there would be no valuable PII data available. To accomplish this, they employed a safe haven for the PII data.
At the heart of the data safe haven is a third party, offsite data management provider that houses PII data and has the ability to generate a persistent referential key from within its data ecosystem. Ideally, the company who is providing the safe haven service will already use anonymous keying data to help enhance the security of its customers' PII.
By using data integration and deterministic matching, the data safe haven is able to assign unique, persistent identifiers around household or individual addresses. This way, it can match these “identifiers or keys” and public demographic information to client databases without exposing PII. The best safe haven platforms are able to apply unique individual, household and address keys in a fraction of the time it takes traditional methods to match records. The result is a faster and more efficient method of managing and linking customer information.
Customers that use a data safe haven can retrieve the PII whenever they want it because the key is persistent. It's important that the keys are customer specific so that if one client company is compromised, other clients or individuals are not compromised.
Data safe havens are most appropriate for regional and smaller utilities and communication companies that want to store data-at-rest off-premise. With the right persistent keying technology in place, the data safe haven is an elegant and simple solution that enables companies who deal with PII to increase data safety and help reduce security risk.
