Following the recent headline-making breaches at Target and Neiman Marcus, which exposed the personal data of 100 million-plus customers, as well as the secrets exposed by Edward Snowden that the U.S. government is collecting data on the communications of U.S. and foreign citizens, the question is: Who cares?
Target will be hit with costs of around $1.4 billion, according to a Wall Street Journal report. So, execs are presumed to be finally taking notice of the consequences. But is the general public mindful of these intrusions into their privacy? Are average citizens willing to have their personal information exposed if it means convenience in using credit cards, mobile devices or the internet?
Despite the efforts of security experts to spread the word on safe online practices, and all the appliances put in place to protect enterprise and public networks from the “bad guys” trolling for proprietary data and personal information, what exactly is the deal with privacy? Who suffers most when a breach occurs: the person whose PII is purloined, the financial institution responsible for restitution, or the security firm whose tool has just been proven ineffective?
“Target is the sea-change that has impacted not only consumers but regulators, merchants and the banking industry,” said Craig Spiezle, founder and president of the nonprofit Online Trust Alliance. Until recently, a breach was perceived as a business annoyance and was ignored by many, he said. “As the world is increasingly becoming a data-driven economy, data security and privacy issues are now top of mind.”
Spiezle added that as consumer anxiety is climbing, the industry must move from a misguided view that compliance is enough and commit to data privacy and security stewardship. “We must provide great user controls and focus on data minimization to reduce the exposure, while also communicating to users the value they receive in exchange for their personal information.”
But, still, will it take a fraud committed in their name to get individual customers to raise their voice? “As long as the financial and retail sectors continue their refusal to disclose the sources and types of breaches from which they suffer, then that – personal liability – should never happen,” said Avner Levin, associate professor and director of the Privacy and Cyber Crime Institute, Ryerson University in Toronto. “Let's start by asking for transparency and information sharing around security breaches.”
If the masses are not yet careful enough with their online habits, perhaps boardrooms, at least, are getting the message that privacy is not simply a security issue, but a component of business operations that affects their bottom line.