As if angry customers, declining consumer confidence, and the threat of fines weren't enough, business executives have something new to mull over on the troubling issue of lost or stolen customer data. Two U.S. senators are floating the prospect of jail time for business leaders who knowingly conceal such breaches. If top managers can't secure data in a well-guarded environment, well, perhaps they'll find themselves in one.
Things aren't that dire yet, but it's a sign of how fed up people have become with the endless reports of customer data that's been hacked, stolen, lost in transit, or otherwise mishandled. Strategic planning is probably in order to address the problem, but some steps can't wait. Business and technology managers must take action right away. Today wouldn't be too soon to start.
The broadening scope of the gaffes shows no company is immune. CardSystems Solutions Inc. earlier this month revealed a security breach that, according to MasterCard, exposed data on potentially more than 40 million payment-card accounts. UPS Inc. recently lost tapes containing the names of 3.9 million Citigroup customers. Bank of America, Ameritrade, and Time Warner have lost backup tapes, too. In March, DSW Shoe Warehouse disclosed the theft of credit-card data on 1.4 million customers.
No wonder the president of the American Automobile Association of Reading-Berks in Berks County, Pa., wanted to speak with IT director Peter Wallace after he heard about the CardSystems fiasco. The topic: his organization's own level of security. "The news out there makes people ask questions," Wallace says.
That's a good starting point. But you'd better have some good answers--or get them fast. A Deloitte Touche Tohmatsu survey found that only two-thirds of financial-services firms queried had a defined security program in place, and 18% were drafting one.