It’s always easier to grasp a problem—and sometimes find a solution—when it hits close to home.
My aunt, an elementary-school principal, always keeps her students’ well-being top of mind. That’s why when she creates the yearly school calendar, complete with photos, she sends every parent a permission slip allowing them to “opt out” if they prefer any shot of their child participating in a class or school event not be used. But things do fall through the cracks.
When the 2007-2008 school calendar came out, a couple of parents complained their children appeared in the calendar, even though they opted out. While she was sure it was a mistake, there was no way to research it—all paper-based permission slips were thrown out once the calendar was printed in spring 2007.
“It’s time to change the system,” she said. “When something doesn’t work, it has to be changed.”
If my aunt’s experience illustrates anything, it is that data-exposure incidents—whether involving photos or electronic information—occur daily. That’s when it hit me: It is time for retailers to take their own actions to change the system.
I’m calling this change the move to “Data Loss Prevention”—an overall, comprehensive data loss-prevention strategy. And it is long overdue.
Cyber-thieves continue to pirate consumers’ personal data and they are claiming their booty through retailers’ systems, including e-commerce sites, point-of-sale devices, gas pumps and ATMs. And inside jobs stem from crooks using fake credentials to gain network access.
Sure, retailers are making efforts. Most encrypt data and work to comply with PCI DSS (Payment Card Industry Data Security Standard), a standard established by the four major credit-card companies to protect cardholders against the misuse of their personal information.
While these are important steps, “They are not the answer,” Paul Proctor, research VP, Gartner, Stamford, Conn., said during the annual FMI and Marketechnics Convention held in Las Vegas in May. “And truth be told, PCI was never intended to be a security measure.”
That said, it is time to take ownership when creating security. And t