I recently wrote an article for CMSWire discussing how a consumer can make small changes to protect his or her online identity and what organizations can do to support these efforts.
Those who have made a purchase – whether in-store or online – within the last few years understand that providing an email address has become a standard part of doing business in the United States. In light of the recent observance of Data Privacy Day, I presented questions for consumers to consider asking the next time they are asked for this information:
- Why?
- What will you do with it?
- With whom will you share it?
- How will your company protect it?
Chances are that most retail clerks will not have the answers to your questions on-hand. However, if you are doing business with a regulated entity, such as a bank or financial institution, the organization is required to provide information about its privacy practices in an annual notice along with information about how it shares information with its affiliates.
This brings us to the question at-hand – even if you trust the company with which you are doing business, do you trust the companies they work with to do their business? When you provide your email address to your favorite downtown shop, online music store, or even your bank, you are entrusting them with your personal information. Do you know if they share that information with business affiliates and partners, or if they sell their mailing lists to others?
In the same way that you protect your physical identification and credit cards by securing them in your wallet or purse, remember to take the same care with your identification and financial information online. Don’t choose to have websites “remember” you unless you are confident in their privacy and security practices. Select to use the most protective settings in your web browser of choice. While you may have to fill out online forms more than once and your items may not be saved in your cart for the next time you visit the site, you can rest easy knowing you are taking the right steps to protecting your identity in any way you can. At the end of the day, if consumers make protection of their private information a priority, then the companies competing for their money and loyalties must do so as well.
To read more about how consumers and organizations can work together to protect personal information, please visit CMSWire.
Learn how we can help your organization establish trust with consumers and secure sensitive data by visiting our website.
Identity and Access Management have become a service that is no longer reserved for large organizations, but one that all levels of business must now tackle.
Very true! I’ve assisted in breaches at the last 3 major retailers I’ve worked with. It’s becoming the norm!
I’ve been a breaching “victim” that many times in as many years 🙁
I so agree with your blog Dana. It’s so crazy how many data breaches there has been from Target to Anthem and Premera. It’s has got to a point where I will dedicate a separate laptop only to be used for financial data. Maybe that can only help me on my end because as you mentioned, we do not know how the company we deal with protect are data themselves. Also I do that 100% of time where I don’t save any information in my cart and make sure websites/browsers don’t remember anything.
It’s crazy how many times you get “that look” when you refuse to give out too much information to the clerk at a store.
Concerning the financial information, we utilize isolated machines for accessing client bank accounts in effort to keep data safe and private.
It’s takes courage to do the right, smart thing!
I agree. It’s amazing how blithely people will give out their phone numbers, addresses, etc.–but then, I tend not to believe the “Oh, we won’t sell you to any mailing list” assurances either.
Great advice. The only hard part is having to keep up with all the different passwords per site!
My company recently installed and practically forced a password keeper on us. I just don’t trust the one source to have all my information either!
Security is our top concern. The trust relationships are difficult and can be risky for any large institutions.
Thanks for all of your comments! I agree that security and privacy should be everyone’s concern. Of course the challenge is that businesses are in business to make money! So Security Officers and Privacy Officers have to balance the protection of information and regulatory compliance with collaboration and the free flow of data. Just because something can be done, of course does not mean it SHOULD be done. As I’ve said in several other posts, I think consumers and citizens have a big responsibility of rewarding (and punishing) companies that do (or do not) to the right thing! From the business side, I try to work with our customers (in the compliance role) to connect the dots with their IT and business counterparts-so that they can see the value in a good and proactive data privacy and security program-and understand it makes good business sense!
Very good advice. Thank you.
Very good advice. It’s all about identity and how to secure it.
Great advice! When I read it I get that…well duh…..thought. But many people will just blindly hand out their other information without thinking. Many times clerks will ask for email or zip code….I usually say no, just on theory.
yes, and even when they do it, they do it LOUDLY so everyone can hear it, even their phone numbers!
Great info! We are such in a hurry at times, we don’t know what or why we are giving out our information. Better to just say no.
That is so true, it’s easier to just go with it than stop and bog up the line and say no. But so worth it when you do.
Great advice – I know it in my head, sometimes hard to practice…
This event at Ignite is my favorite. Look forward to it.
It’s all about identities and user behavior.
passwords management is a nightmare when we are using passwords per site..
THought provoking but no matter how hard we try there is the next thing to trick us. Truly protecting our data on a network is like chasing windmills
Engaging read. This should be info that they should teach kids in Elementary School.
Very good advice. Thank you.
Agreed, good points. Security is no longer a niche. We must all consider from any IT role (admin, dev, mgr) and apply within our daily work routine. Modern leading edge attack vectors are clever and constantly evolving. Pays to current keep open dialog with coworkers.
* How does this change affect our security vulnerability?
* Will this new feature require patching/maintenance?
* How can we security test added 3rd party plugins?
etc.
So hard to practice although I know it is the right thing to do.