Weekly Update

Customers leery of data collection, so companies must prove data security

The news on the week was replete with privacy concerns and security breaches that threaten confidence in the technology gathering consumer data. Yet, one customer-service pioneer was also profiled with a next generation application based on massive customer data. In sum, organizations will need to implement a new generation of applications based on greater collection and analysis of customer data—and demonstrate that they have taken fair and significant measures to assure the security of that data.­­

The Target story deepens

The Target data breach continues to expand in reported scale and impact. The Trojan used has been identified. PC World reported on one analysis that concluded as many as six other retailers may have been hit by similar attacks that are said to have begun with a well-known teenaged hacker in Russia (though that is in dispute). Neiman Marcus came forward as the victim of a similar, though more limited and longer term, attack to Target’s. Moreover, Target has revealed not only that many more than the original estimated number of customers were affected (70 million, up from 40 million), but that the breach may have extended to customers who had provided only limited information in years past.

As part of their efforts to sooth affected customers, both Target and Neiman have offered free credit monitoring to affected customers, although customers are understandably suspicious of Target’s email offer to sign up for monitoring.

Brick-and-mortar privacy is compromised

As if security risks weren’t enough, consumers and retailers must navigate the further, tricky shoals of privacy in an era of in-store cell phone monitoring. As Information Week describes, the most daring of companies providing in-store data require consumers to opt out by scanning a bar code if they do not want their activity tracked. Accepted protocols will likely settle on a less-invasive, ‘opt in’ approach. The stakes are high, however. Both aggressive tactics and a reasonable backlash against such tactics can be expected.

Disney leads the way?

Gigaom has a fascinating story by the MailChimp chief data scientist John Foreman about his experience with the “MagicBands” that Disney, a long-time leader in customer service, has rolled out. This technology provides consumers with an integrated hotel-to-restaurant-to-theme park experience on the front end—and a data scientist’s predictive data analytics dream on the back end. It takes little imagination to envision how such a customized, easy-to-use consumer experience could feed big data engines in all sorts of environments, while simultaneously offering the sort of custom offers and deals that predictive analytics determine are optimal for maximizing the relationship and monetization of each individual (and group) served.

More news and security hiring

In a speech this week in response to recent NSA disclosures, President Obama offered a somewhat tepid qualification for the process by which telephone metadata is stored and accessed. This provided limited comfort to camps on various sides of the issue.

And, finally and not surprisingly, Information Week reported on shortages in hiring security professionals for government contracting.

Implications for the enterprise

The implications for the enterprise of all of this security and privacy news are clear:

  • Customers, with good reason, will be wary of lax security and privacy violations; but,
  • The rewards of improved data gathering and analysis are too great, for consumers and the enterprise alike, to significantly slow or stop the move to more data-enhanced services.

Thus, organizations will need to juggle the aggressive exploitation of the new technology with fair and demonstrable measures not to unfairly take advantage of customers and their data. Among these measures are:

  • Clear opt-in processes for in-store data collection,
  • Direct, timely and voluntary disclosure of any breaches that do occur,
  • Consumer-friendly correction and repair of any damage that may have occurred, and
  • Compelling, value-added services that make sharing information—and taking on the associated risk—worthwhile.