24/02/2020

Why all personal data matters when a data breach occurs

Syrenis Founder and Product Architect, Nicky Watson, answers the question as to why it should matter to individuals when their data (and it’s generally their email) is leaked in data breaches, such as in the recent Estée Lauder breach. Well, they didn’t expose any passwords, or financial details, or anything sensitive so why would it? …



I was just asked this by a friend, so I thought I’d write the answer.

Well, first off, I’m a practical person, so I always assume more has been exposed than is initially reported, just because I know it takes time to investigate with confidence. Many of these breaches have big windows where the vulnerability had a long timeline before realisation.

But importantly, it’s the secondary use for harm that individuals need to be aware of. If you have recently interacted with a brand, you are far more likely to open attachments or follow links in emails. I can see it now: ‘Thank you for registering with us, you have been specially selected to be a trial tester for our latest cosmetic range, just pay the postage of $2 and we’ll send you the testing range worth $100.’ Of course, it’s not $2 but probably $100 taken from your credit card (always just below amounts that would trigger banking transaction AI suspicion), and individuals spend weeks trying to reclaim the money. The organisation is also lessened in the mind of the individual, or even blamed, consciously or sub-consciously.

This leads on to why organisations need to care about how individuals’ data is used, what care is taken of it and who it’s shared with. There are many reports being published currently explaining the positive return on investment that implementing good data protection and privacy practices has. They range in focus, but the general message is this: if you respect your customers and their rights, this leads on to implementing good data practices, knowing where you hold information, being able to audit how you received it, on what basis you are holding it and how long you can keep it, and knowing how you can use it and, very importantly, with whom you share it.

Having siloed pots of unconnected data, where you struggle to implement an individual’s preferences quickly and efficiently, has huge hidden costs as well as highlighting practice issues. Organisations are unable to answer individuals’ queries efficiently because there are no logs of where and how an individual’s data has been collected, used or shared! Even automatically knowing which systems an individual’s data is held in can become an impossible task. In contrast to this, if you have a system such as Cassie (I’m honest in my self-motivation and product plugs!) all of this detail is available. Organisations feel they are not only building a relationship with their customers by understanding what they want and how they want it (have you ever been given a cup of coffee with the wrong amount of sugar?) but they also feel in control of their data and are confident in their use of it.

In summary, we all should care!