Who’s responsible for protecting your customers’ personal data online?
13 April 2016
A data breach can have a long-lasting impact on customer trust, and the reputation and profile of an organisation.
A call from a frustrated customer that has just become aware that their information has been compromised isn’t an ideal situation for any organisation. But who is really responsible for the protection of personal information that has been accessed from an online account?
New research from Experian, which examined consumers’ behaviours and perceptions around the security and protection of their online accounts, suggests that as awareness of data breaches increases, so do people’s expectations of organisations to safeguard their personal information.
The findings show that more than three quarters (77%) of British consumers firmly believe businesses are solely responsible for the protection of their personal information online – particularly phone companies, banks and insurance companies. Could this be part of the reason many consumers are falling behind in protecting their own information from fraudsters and not taking responsibility of their actions or considering the steps they can take to protect their own online identity?
Even in spite of a recent spate of high profile data breaches, British consumers are failing to keep pace when it comes to protecting their information online. Almost half (44%) of British consumers rarely/never change the password to their online accounts. Additionally, a third (30%) use personal information such as their maiden name, date of birth and home address to create their passwords – much of which is easily accessible online – leaving them vulnerable to identity theft.
Organisations need to consider how they can work with consumers to change that shift in mind-set to encourage a shared, mutual responsibility – and a two-pronged approach from both sides to help keep the doors closed from fraudsters.
Organisations have the opportunity to take ownership of this subject and encourage their staff and customers to consider the way they protect their personal information online. For example, when setting up an online account, prompt your customers to use strong, unique passwords; help them recognise the signs of phishing emails and secure websites and remind them of things you will never do, such as requesting account information via email or on the phone. Have a clear process so customers can quickly access the support they need if they do suspect something is wrong.
While helping your customers to protect themselves, organisations also have an indisputable duty to do everything they reasonably can to protect their customers’ data – both in terms of putting preventative measures in place to stop a data breach from happening in the first place, and having solid plans that will allow the organisation to respond, reassure those affected and recover after the event.
Is your business equipped to respond to a data breach? Experian has launched a resource to help businesses consider a ‘customer first’ approach for response effectiveness: The Experian Data Breach Response Guide.
 Research methodology: Survey conducted by ComRes, surveying 302 IT business decision-makers within small, medium-small and medium-large enterprises in January 2016, online and by telephone. All businesses held PII data for more than 100 customers or employees. ComRes also interviewed 2,008 British adults. Unless otherwise stated, all statistics relate to this research.