You've heard me go on and on about the importance of personal identity management (PIDM), and the principles you'll need to adopt to thrive in a PIDM-enabled ecosystem, for a year now. You've heard statistics like:
- 53% of security breaches in 2012 involved compromised personally identifiable information (PII).
- Nearly half of US online adults don't even trust their financial institutions to keep their personal data secure.
But as we head into 2013, what's the one thing that I urge you to think about? The one thing you can do, starting tomorrow, that will help you build trust, improve customer communications, and ensure that your organization is PIDM-ready when the trend reaches an inflection point?
This is the practice of creating accountability for your firm's data collection, management, and use practices — including those of the vendors you hire to augment your customer intelligence teams. Many of you think you're practicing good data stewardship already: You ensure that your vendors hold the highest compliance certifications, you've hired a chief privacy officer, and you've restricted access to customer PII to a limited number of people, always behind the company firewall. But guess what? That's not enough, as United Airlines' Twitter Customer Care team discovered last month.
In an attempt to respond quickly and efficiently to a lost baggage issue, someone on that team posted the customer's "File Reference Number" on its public Twitter stream. To her horror, the customer discovered that anyone who saw the Tweet could find her home address and phone number. Why? Because United's baggage tracking site required only the FRN and her last name — part of her Twitter bio — to retrieve the following page*:
Many people said that United should have required strong authentication measures before this information was revealed. But that's simply not practical yet, because there are too many people, aside from the customer, who might have a legitimate reason to look this information up — a parent, a spouse, a travel agent, a secretary.
So what are firms to do? They must implement strong data stewardship, with governance policies, training, and enforcement.
If this is an issue of interest to you — and it really should be– please sign up to receive a notification when the report Data Stewardship Is A New Customer Imperative publishes later this month. It includes example organizational models, the issues to tackle, and a RACI grid to help you get started down the data stewardship path.
*We've blocked the majority of the PII, and we obtained the customer's approval to post this image.