Is Your Customer Data at Risk?

Is Your Customer Data at Risk?
Is Your Customer Data at Risk?

I recently attended the ‘TMForum Live!’ event in Nice, in the South of France, along with many other telecoms vendors and Service Providers.  The key industry themes were Digital Transformation, the Internet of Things, Network Function Virtualisation and Customer Experience.

A subject underpinning all these trends was data privacy.  In this new digital age we spend an amazing amount of time using our digital devices.  We use them to send messages, read email, do our shopping, stream music and movies, play games online and even control the heating.  With all this interaction comes an amazing volume of data that service providers collect about our interactions, our location and our interests.  Whilst much of the data is used to ensure we are having a positive experience on the network it is also being used for other purposes such as behaviour analysis, targeted marketing and location-based marketing.

This raises the question of what we as consumers are prepared to accept as normal marketing behaviour and what is regarded as an invasion of privacy.  A targeted offer that is relevant to the consumer is considered a fair use of personal data but if that offer is received in a location that is too targeted then we introduce the ‘creepiness factor’.  For example, if I’m near a restaurant area and receive a message for discount at certain restaurants that is fine but if I’m outside a particular restaurant looking at the menu offering and receive the message then I start to wonder if I’m ‘being watched’.

Reports suggest that the older generation is more sceptical about how their personal data is gathered and used but the younger digital generation seem to embrace the concept, providing they get something from the deal. The perception is the digital generation are merely better educated when it comes to personal data.  They know that their personal data is valuable to retailers and other entities but are they doing enough to keep it safe?  If you’re a customer of Sony or Target then the answer would probably be no.

Service Providers are becoming more concerned about how they protect this data and Governments around the world share this concern.  At the end of this year the European Union (EU) will introduce some legislation called the General Data Protection Regulation (GDPR) to ensure that all businesses in the EU must protect this data.  Penalties are in place for such breaches of up to €1million and for an undertaking up to 2% of global revenue.  This level of regulation is present in many countries and levels of punishment range from fines to jail sentences.

Informatica has invested heavily in the area of data-centric security and recently won gold at this year’s RSA Awards.  These awards highlight the growing recognition of data-centric security.  They echo what our customers, partners and advisors have told us; improving information security requires focus on the data itself.

In a recent Data Security Survey by the Ponemon Institute half of the respondents said they did not know the extent of their data risk and only one in five said they could actually detect a data breach all of the time.  Service Provider’s agree that securing their data is important in this digital age but how can they protect it from both internal and external threats?  Recent high profile incidents have been external but the threat can also be internal.  A recent breach caused by employees stealing personal data in AT&T resulted in a $25m fine by the FCC.  Some businesses use data encryption, some have implemented data loss protection and some use masking technologies.  It is the combination of these capabilities that can protect the personal data from the internal and external threats.

Whilst the penalties may be quite impacting to the service provider’s business the level of brand damage received as a result of a high profile data breach is substantially greater.  As a consumer I know I’m going to receive marketing from my Service Provider so I welcome the day when its actually relevant but I expect that data to be protected from external and internal threats.  How protected is your customer Data?