2011: the year of the data breach?


Date: 8 April 2011

Shredded paper

Are you taking care of data properly? (Image: Flickr user dawnzy58 under Creative Commons.) 

If the first months of 2011 are anything to go by, this could be the year of the data breach. It almost seems like companies are falling over each other to give away information about their customers.

Here are three high-profile data breaches that have hit the headlines in the last month alone.

While you read about them, think about how many smaller incidents may go unreported or even undetected. Then stop to consider if your business does enough to safeguard its customer data.

1. The Epsilon effect

Epsilon runs huge email marketing operations for clients like Citibank and Marks & Spencer, yet still managed to have millions of customer email addresses stolen when someone got into the company's systems without authorisation.

What we can learn: the information stolen during this breach belonged to Epsilon's clients, many of whom have since warned customers that they may receive more spam as a result.

So, if your business shares data for marketing purposes or joint ventures, make sure you only work with partners you trust, and ask searching questions to find out how they protect the data. Get a strong contract in place that - if possible - places financial liability for data breaches on their shoulders.

2. Don't Play with your data

Hugely-successful Jersey-based online retailer Play.com suffered embarrassment last month when users reported receiving junk email to addresses they'd only ever used on the site. It soon emerged that a company responsible for some of Play.com's marketing communications had suffered a breach.

What we can learn: spotted the pattern yet? Just as with the Epsilon breach, although Play.com customers were affected, the leak actually occurred at another company.

However, Play.com's subsequent customer communications are an exercise in good damage limitation. They apologised quickly, explained what went wrong and described the possible consequences for customers.

3. Losing data the old-fashioned way

York City Council adequately demonstrated that you can lose data without turning to high-tech hackers. All you have to do is print it out and then send it to the wrong place. The council was criticised this week for accidentally posting personal information to a third-party.

What we can learn: hard copies can cause problems too, especially when left lying around. If you have to print out sensitive information, grab it from the printer quickly, then keep it somewhere it can't get mixed up with other paperwork. Once you're done with it, shred it.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.