Data breaches – when companies fail to keep your details secure – are becoming increasingly common. So how should they respond when the breach happens, and should we be worried about our information?
Over the past months we’ve seen a number of high-profile data breaches of customers’ personal data reported from companies including Sony, Play.com and Travelodge. In fact, there have been data losses from nine high-profile companies already this year.
The details exposed and the numbers affected differ in each case, but there’s one overriding theme here – that consumers’ personal details are being put at risk.
And our recent survey of the general public shows that it’s something many people are worried about. Seven out of ten of those we surveyed are increasingly worried about the safety of their personal information held by organisations.
Varying levels of risk
Now I don’t want to be alarmist here, so to put things in perspective, the type of information breached will dictate the level of risk to those affected, and admittedly this is not always a high one. That aside, I do very much believe we should be able to give a company our details and expect them to be kept safe.
As modern consumers I think we are all quite accepting of the fact that to buy and use products or services, online and otherwise, we need to hand over credit card details and email addresses, often as the absolute minimum information.
The end result is that dozens – potentially hundreds – of organisations will hold at least some of your personal information. This isn’t an issue as long as the companies keep your data safe. So are they?
In our survey 15% were aware of being the victim of a data breach. Of those who had been affected, a quarter had card details exposed and one in five had bank account details exposed. The most common personal information found to have been involved was name, address and username.
Companies need a data breach plan
The reasons for a data breach occurring can range far and wide, from an outside hacking attack on a website to a lost company laptop with confidential data stored on it. If a breach does happen, we’ve said before that apologetic emails don’t make up for losing personal data, but at least they mean you are aware.
And that’s the main problem – at the moment, companies are dealing with data breaches in all sorts of different ways. What we want to see is a standard process that all organisations have to follow, including notifying the Information Commissioner’s Office (ICO) of all data breaches.
Have you been contacted by a company to tell you some of your information has been lost, leaked, hacked – or for any other reason? If so, what did they tell you – did they provide you with enough information, fast enough? And were you happy that you were given good advice on what you should do next?