November 14, 2022

Invest in Data and Information Security Now or Pay Later

November 15-21 is International Fraud Awareness week. But business leaders should be mindful of the implications of inadequate consumer data protection throughout the year. Taking the proper precautions can protect their business, safeguard their reputation, and help retain customers.

The following are some helpful information and best practices to help businesses that collect consumers’ personal data navigate the everchanging data protection landscape and shape a safer world for consumers everywhere.

What Do Consumers Think about Their Personal Information Security?

The 2021 Shred-it® Data Protection Report reveals that more than 80% of North American consumers indicate personal information security is of extremely high importance. Even so, one in three say companies fall below their expectations for timely, transparent communications regarding data breaches.

These expectations are an important factor for companies that experience a data breach. Consumers will not hesitate to act against a company when their data is compromised. According to Zendesk, approximately half of consumers will switch brands after one bad experience—and after more than one bad experience, that percentage skyrockets to 80%.

Consumers have good reason to be concerned—approximately 38% of Canadian consumers indicate that a data breach has personally impacted them.

What Can Organizations Do to Protect Their Customers’ Information?

Businesses can help protect consumer data by staying informed on applicable laws and regulations, understanding the kind of data they are collecting from consumers, and fostering a security-minded corporate culture.

Understand the rules. Keeping abreast of data protection legislation is crucial for businesses. Canada is expected to replace the Personal Information Protection and Electronic Documents Act (PIPEDA) with new legislation, the Consumer Privacy Protection Act (CPPA). As regulatory requirements evolve, businesses must stay up to date. Currently, at least three states in the U.S. have laws in place to protect consumers' personal information, and there are many other laws (state and federal) for consumer rights.

Know your data. Take inventory of the consumer data you collect, how you store it, and with whom you share it.

Employ a data minimization strategy. Ensure that you only collect, use, process, or store the consumers’ personal information you need to carry out your business. Only retain what you need for as long as you are required to keep it. The same expectations around document retention and destruction should be required of partners and contractors too. These details are vital in implementing an effective data security plan.

Prepare to act. Create a security-minded corporate culture for data protection best practices. Equip employees with the proper knowledge and tools and provide frequent reminders to keep consumer data protection top of mind.

To achieve a security-minded culture, implement policies that address the privacy of consumers’ data, regulations, and physical security for data in all forms—including electronic and printed documents.

Policies should clearly define expectations for handling and retention of documents that contain consumer data. Detail how to identify confidential documents, where and how they should be stored, and who should have access to them to carry out your organization’s data minimization strategy. Leaving confidential documents in the open or putting them in an unsecured recycling bin can aid data leaks. So, consider “clean desk” and “shred-it all” policies, and remember to account for remote workers and their environments. Businesses must maintain data security practices to protect consumer data wherever they conduct operations.

But don't stop there. Provide training to help employees put the policies into practice. Role-based training on information security policies and procedures will help ensure employees are clear on data protection obligations for consumer data.

Organizations can strengthen the effectiveness of policies by using unannounced audits and other tactics. While fraud may originate outside your organization, disgruntled employees or inadvertent errors can also be security risks. Try incorporating a surprise audit process that can expose risks or gaps before it's too late.

Organizations that are serious about consumer data protection need to remain vigilant. Even the best-laid plans can go awry, and consumers can rapidly lose trust in brands and organizations that do not alert them of a security breach involving their personal data promptly. Be prepared with mitigation and communications plans that will, in the event of a data breach, enable you to quickly provide transparency about what happened and the steps the company is taking to reduce the negative impact on their consumers as well as prevent another data breach.

Proper Data Protection Defends Consumers and Brands

As the experts at Shred-it® revealed in their 2021 and 2022 Data Protection Reports, North American businesses, large and small, can no longer consider data protection and security an optional investment. Not if they want to continue to protect the health and well-being of their trusted relationships, bottom line, and brand.

The process of educating themselves and establishing the right policies, training, and planning – before a data breach—can be overwhelming for organizations. Shred-it® can help organizations with visibility to the rapidly changing threat landscape and document destruction services to safeguard their data and reputation. Learn more about which service is right for your business.