Protecting Customer Data – The Impact of new EU Legislation

By John Greenwood – Director, Compliance3

Why do breaches happen?

Data breaches happen simply because organisations have failed to maintain adequate security in three areas: people, processes and technology.

People are the weakest link. According to Ponemon in the 2014 “Cost of Data Breach Report,” negligence or human error was the primary root cause of data breaches. Forty percent of incidents involved a negligent employee or contractor (human factor); the root cause of 38 percent of incidents was a malicious or criminal attack; and 22 percent experienced system glitches, including a combination of both IT and business process failures.

Most breaches occur because people have not followed policies set by their employer and their employer has not focused enough, at the most senior level, on implementing and maintaining robust security and compliance policies. Such negligence not only costs business in terms of lost revenue, but is also career limiting for those involved. The massive breach of the Target US retail chain in November and December 2014 led to the dismissals of both Target’s CIO and CEO. According to a US Senate report on the breach, “Target managers missed information provided by its anti-intrusion software about the attackers’ escape plan, allowing attackers to steal as many as 110 million customer records.”

We can see this in contact centres where the culture is not entirely positive and where employees are exposed to the risk of transgressing to the dark side. The temptation, especially for an individual on a zero-hours contract and earning close to the minimum wage, in a harshly managed or oppressive environment, to sell data to a stranger...