A warning for businesses about the storage of confidential customer data – manage it better or risk multi-million dollar fines.

Data management expert Emy Carr said the confidential information of millions of Australian consumers is at risk because most businesses have no plan in place to stop hacking or leaks.

“Most companies are mainly interested in capturing customer information to use for their marketing efforts, but not enough is being done to protect personal information,” said Mrs Carr who owns leading data management company EC Integrators.

“Consumers don’t realise the amount of personal data that is being stored online somewhere.”

“Software failures, hacking and poor data sharing policies across company departments can lead to all kinds of sensitive information being exposed.”

“Consumers will soon be making purchasing decisions based on how well the company will protect their data – and those with a bad reputation could suffer losses.”

A recent Australian Federal Police survey found that 60 per cent of businesses had suffered a cyber-attack, that had managed to infiltrate its security and access data.

Recently the Commonwealth Bank was found to have allegedly breached regulatory policy on 54,000 occasions by not forwarding data breach reports from intelligent deposit machines.

TABCORP was hit with a $45 million fine for falling foul of money laundering laws.

Telstra and Vodafone have also been involved in leaks of customer information leading to customer identity thefts, for which they were fined just $10,000.

“Australia is lagging behind both Europe and the United States when it comes to data governance,” said Mrs Carr.

She said businesses face big fines if they weren’t meeting government data regulations and so needed to be doing the following:

• * Understand how data is shared:   Personally Identifiable Information (PII) and sensitive data should be masked when shared within the company or when outsourced, but often isn’t.

• * Give data a value: Organisations are not placing monetary value on the data they hold. Many look at it as a way in which they can make revenue, but do not view it in the potential loss of revenue or reputational risk.
• 
  
• * Have a Chief Data Officer in place: This executive level position ensures the company has sufficient governance in place to handle and secure the increasing levels of data flowing through the business.

“Data breaches can significantly impact businesses’ reputation, seeing them not only lose customers, but expose customers’ data to potential identity theft.”

“If you’re taking in any customer data at all, there needs to be a robust data governance process in place to understand how that data is moving across the organisation. Who is seeing that data? Who is touching it?” Mrs Carr explained.

“Any weak link across those actually compromises the data. These are prone to identity theft and hacking. Any organisation, small or large, should have data governance in place.”

“Customers are trusting that their data is safe and secure. We just take it for granted.”

EC Integrators is a leading information management consultancy with specialised expertise in Data Governance, Enterprise Data Management, Data Virtualisation and Business Intelligence.