Not a month goes by without a revelation of a mass data breach at a major commercial or government institution. Since the Target fiasco, the well-being of customers who shop at Michaels Stores, Sally Beauty Supply, Neiman Marcus, AOL, eBay and P.F. Chang’s has been compromised. The credit scores and reputation of 47% of US adults are compromised by white-collar criminals. Experts estimate the annual cost to the US economy to reach $100B. Google’s breach of their email users’ information is not included here because the users are not Google’s customers; the advertisers are, and their experience was not degraded by the breach.
As the list of security breaches grows longer, a common pattern of apologies and very rare firings is emerging. It appears that institutions to which we entrust our vital information treat these systematic failures as no more than public relations setbacks. After empty apologies and stupid advice to change your password, there are no reports of real investment into fundamental change in securing our data.
To be fair, the commercial institutions affected usually do mitigate customers’ monetary losses directly attributed to their breach of security. However, they are not held responsible for any negative impact on these customers’ credit history or other non-monetary losses cascading from the careless treatment of customers’ data.
I use the word “careless” intentionally, because these security breaches are not the result of irresistible technological prowess of international mad geniuses. They are a direct result of an economic equation – it is cheaper for an institution to reimburse customers than to implement bulletproof data protection. Once again, business leaders and government bureaucrats put short-term financial results and budgetary priorities ahead of the long-term interests of their key stakeholders – customers, investors and taxpayers.
As consumers, we should have the opportunity to assess the reputation and history of a business guarding its customers’ data before we decide to do business with the company. Yet when every government clerk or doctor’s office assistant demands my Social Security data, there is nothing I can do to protect myself. Meanwhile, 1.84M people were affected by medical identity theft in 2012.
Data security is not my field; customer centricity is. The reason I am writing about this subject is that I see an epidemic of customer data breaches and other forms of cyber fraud as a sign of fundamental disregard for customer safety. In my opinion, these organizations have to be held accountable to a higher standard, as their leadership breaches their fiduciary obligations.
An onslaught of technological innovation is marching on, and I like the new, shiny toys as much as, if not more than, most. However, I am aware more than most that designers, manufacturers and retailers who sell us these toys do not view our security as their responsibility. They should, before we stop buying.