Almost daily we hear about a business that has experienced some type of data breach. Whether it involves credit card information, social security numbers, or patient info, a breach represents a vulnerability and exposure for those who have been impacted. In turn, the gatekeeper of the information has an obligation to make things right; this can take the form of credit monitoring services, notification, etc. Industries like financial services and healthcare may have further obligations if specific regulations have been breached. In most cases the breach does not reach the level of impact or scrutiny of those experienced by Target or Neiman Marcus. The causes of these high-profile breaches will serve as case studies and be heavily debated as companies work towards crafting their own privacy programs. The media has repeatedly asked the question “How could this happen?” It is natural to examine and reflect on our practices and wonder, “if this can happen to big names and brands like these…what about us?” Do we have the appropriate controls? Have we examined our risks and mitigated them to a level that is acceptable? Have we conducted audits to identify our gaps? Do we have a corrective action plan?
No one wants to be the victim of a breach! However, breaches often serve as a catalyst to help us examine our own programs and practices and prompt us to develop plans and actions to mitigate risk to our customers.
What do you think?