A Million Dollar Business Lesson from a $3 Pack of Thumbtacks

March 4th, 2010
by Lesley

All I needed was a pack of thumbtacks. As I approached the check-out counter, the clerk flipped the “next aisle” sign around to read “open.” So far so good. But then something strange happened. She insisted on my address and phone number – for a $3 cash purchase.

A few years ago, I would have reeled them off without giving it a thought. But times have changed. Fueled by a number of factors – an awareness of how data breaches can lead to identity theft, an appreciation for the National Do Not Call Registry’s gift of peace and quiet, and “green” concerns about marketing materials I won’t read – I stonewalled. When she persisted, I conducted a blistering cross-examination:

Why do you need that information?

What are you planning to do with it?

What steps will you take to safeguard it?

To whom do you intend to sell it?

With an understandable “Why do they always wind up at my register?” roll of the eyes, the clerk relented and sold me the thumbtacks. But the episode is a reminder to businesses that routine data collection from customers is “soooo 20th century.” Many shoppers find it irritating – and when combined with account numbers, financial data, or other sensitive information, customer databases are the coin of the realm for fraudsters.

Just ask the major retailers who’ve been hit by hackers. They’ll tell you the perceived benefit of “capturing” data for nebulous marketing purposes is often outweighed by the legal risks of a security breach. These days the wiser practice is for businesses to ask only for the information they need, to store safely what they have to hold on to, and to dispose of it securely when they’re finished.

Every company – from a home-based business to a multinational retailer – needs to rethink its approach to data security. It boils down to five basic principles:

• Take stock. Know what sensitive material – account numbers, health records, financial data, Social Security numbers, credit card information, etc. – you have in your files and on your computers.
• Scale down. Keep only what you need for your business.
• Lock it. Protect the information in your care.
• Pitch it. Properly dispose of what you no longer need.
• Plan ahead. Create a plan to respond to security incidents.

Looking for free resources? The FTC’s plain-language handbook, Protecting Personal Information: A Guide for Business, is a great place to start. You’ll find other practical tools at the FTC’s information security page for businesses, including a 20-minute interactive online tutorial for your employees and articles to post on your website or in newsletters.

Tags: data breach, data security, identity theft, privacy

This entry was posted on Thursday, March 4th, 2010 at 10:57 am and is filed under For Business, Identity Theft and Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.