By Andy Bridges, Data Quality and Governance Manager at REaD Group
Why should you treat your passwords like your underwear?
It’s an odd comparison, but it’s simple really:
- You wouldn’t leave your Y-Fronts lying around for just anyone to find
- You certainly shouldn’t share them with others!
- And you change them on a regular basis (one would hope…)
Contrary to popular belief, human error and accidental loss are still the biggest contributors to data breaches in the UK – rather than attacks by cyber criminals. While it is perhaps unrealistic to expect people to change their passwords as frequently as their undergarments, good password management is incredibly important to information security. A simple 7-character password could take a hacker only 0.29 milliseconds to decipher; however, increasing this to 12 or more characters will increase the potential hacking time to centuries rather than seconds.
Research conducted by the risk mitigation firm, Kroll, at the end of 2018 found that the number of data breach reports received by the Information Commissioner’s Office (ICO) has increased by 75% in the last two years. This isn’t necessarily indicative of more breaches, but more likely an increase in transparency as a result of GDPR. It was not previously compulsory to report a data breach, but the new data regulation requires that all companies must report a breach to the ICO within 72 hours.
Above all else, data security should now be a COMPANYWIDE responsibility. It does not rest solely on the shoulders of IT and compliance departments, but with everyone working within a business. Every effort should be made to incorporate information security into office culture so that it becomes second nature.
Embed into Company Culture
Staff should receive regular training to ensure that everyone understands best practice in the workplace. Company HR policy should also be altered to reflect the fact that responsibility lies with all employees to instigate better behaviour.
Everyone in the business should be on the lookout for potential threats to information security, such as leaving computer screens unlocked and leaving confidential paperwork unattended, and should be encouraged to self-police. Implementing a clean desk policy is good practice for safeguarding confidential information.
Companies need to better understand what information they have in order to protect that information. As well as ensuring that data is clean, viable and that all relevant permissions and consent are held for the data, companies must also ensure that the appropriate data protection and information security practices are in place. It states in Recital (100) of the GDPR that:
‘In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms and data protection seals and marks should be encouraged, allowing data subjects to quickly assess the level of data protection of relevant products and services.’
Essentially these practices are entrenched in GDPR under Article 25 – ‘Privacy by Design’ and ‘Privacy by Default’. These concepts are by no means new, but are instrumental in incorporating information security into business culture.
Privacy by Design means businesses need to consider privacy at the initial design stages and throughout the development process of any new products, processes or services that involve processing personal data.
Privacy by Default means that when a system or service includes choices for the individual on how much personal data he/she shares with others, the default settings should be the most privacy friendly ones.
GDPR has presented a great opportunity for UK businesses to step up their data protection strategies and better protect themselves against data breaches. The regulation stipulates that companies must be more rigorous in their approach to collecting, storing and using customer data – which should correspondingly see a vast reduction in accidental loss. This increased transparency should ultimately result in more trusting and loyal consumers.
The more businesses understand their obligations and ensure they have implemented appropriate data protection strategies, the sooner we will see a significant reduction in the number of data breaches.
As the memories of Christmas overindulgence and lethargic bliss begin to fade, we must begrudgingly turn our attention to the new year. Back to business. While the usual resolutions of healthier eating and gym memberships may, in some cases, not last till the end of the month, there is a certain resolution we recommend you make in 2019…and stick to! Quite simply – CLEAN YOUR DATA.
Data is the cornerstone of any campaign. By using poor quality data, you immediately put yourself at a disadvantage and this will have a knock-on effect on the rest of your marketing endeavours. Ensuring your data is clean and accurate from the start will provide the best foundation for all subsequent activity.
Not Just Good Sense, But Law!
One of the key requirements of last year’s new data regulation (GDPR) is that inaccurate data must be rectified and cleaned without delay – or deleted (Article 5(1)(d)). The primary focus for many companies in the lead-up to GDPR’s implementation was understanding the legal bases for processing data, with the majority concentrating on consent. However, it has been very encouraging to see more and more businesses acknowledging their obligation to data accuracy.
We have it on good authority from some of the UK’s leading retail brands that data quality is high on the agenda for 2019:
‘to ensure we hold the most accurate and up to date customer data, as well as continuing to fulfil our obligations under GDPR and relevant mailing requirements.’
Customer trust can be very difficult to cultivate. With a number of scandals surrounding data occurring last year, this is more true now than ever. Consumers are becoming increasingly concerned about the data they share, and increasingly savvy when it comes to data protection law and their rights. In research conducted by REaD Group last year we found that more than 70% of consumers expect their data to be accurate [Source: Accuracy and Relevance – GDPR Impact Series 2018]. The tolerance for companies getting it wrong is decreasing all the time.
The risks of brand damage incurred from using poor quality data are huge. In the age of social media, headlines are no longer necessary for news to go viral – anyone with a Twitter account can now wreak untold damage with 280 words and a well-placed hashtag!
More than the prospect of brand damage, companies now have a duty to consumers to be transparent and responsible when handling their data. This is, after all, why GDPR was introduced. This responsibility extends to ensuring that data used for campaigns is accurate.
Unnecessary distress and anguish are caused by continuing to contact deceased individuals in your database – and this will certainly make most people think twice about continuing to use your brand in future. Many consumers now consider it a given that companies make the effort to keep track of relocations and goneaways.
Unlike dragging yourself out of bed at silly o’clock for that early morning run or eating that quinoa salad (while your colleague demolishes that burger and chips) – data quality doesn’t have to be a struggle! With established and trusted data quality services such as GAS, TBR and GAS Reactive from REaD Group – available via a choice of flexible delivery methods to suit organisational and technology requirements – it is now achievable and affordable to optimise the accuracy of your data.
Start this year right – contact us today for your free data quality consultation!