Customer data breach is raising concerns for many organizations. A recent incident happened at Target makes it clear that data breaches not only affect the staff group, but higher officials as well. The latest victim is Target’s chief executive, Gregg Steinhafel, who became the first CEO to lose his job over the theft of customer data. Gregg Steinhafel stepped down from the position of CEO, after the disclosure of the huge data breach that happened during the last holiday season. Hackers stole 40 million consumer data records, containing credit card numbers, names, phone numbers, and email and mailing addresses. It greatly damaged the firm’s reputation and profit.
Apart from Target, other firms such as Michaels and Neiman Marcus are also affected by massive customer data breach. Michaels has lost the credit and debit card information of 3 million customers who shopped from some of their stores last year. Anyhow, the names, Personal Identification Numbers (PIN), and addresses of customers were not affected. Cyber attacks in to the document management system of organizations have sparked debates in Washington on the need of having a uniform breach-notification law that require companies to inform their customers as soon as a data breach has occurred.
Addressing Customer Data Breach
According to Better Business Bureau (nonprofit organization in the U.S. that focuses on building trust in the marketplace), customer data breaches can be handled using the following measures.
- When the data breach is discovered, the company should inform their customers via a data breach notification policy.
- Employees should be given training on how to identify a potential customer breach, by creating awareness of what all constitutes a data breach. A provision for the confidential reporting of data breach should be built for employees to report the incident without fear.
- Once a data breach occurs, the company should investigate the facts surrounding the breach such as the format of data storage (paper or digital), the number of persons affected, their location (state and country), details of hackers, whether the data is susceptible to misuse, and so on. They should also identify the details included in the hacked data such as names, addresses, payment card numbers, birth dates, and social security numbers.
- If the hacked data includes financial information such as payment card numbers, the financial institution that manages the card processing should be contacted.
- The company can seek the help of an attorney of the concerned state to identify the laws that might be involved, and to determine whether consumers or the government should be alerted about the incident.
A secure electronic document management system can minimize the risk associated with data breach and ensure that sensitive information is accessible only to authorized users. Through the process of document scanning, microfiche and microfilm scanning, as well as other methods of digitization different file formats can be converted into secure electronic files. A good repository which is secure with the right indexing and search capability can be really useful in this instance. Eve with all that data security is the key.
