Today's businesses are highly data driven, and the information compiled from consumers is a valuable commodity. Unfortunately, sometimes businesses are liberal with the information they collect, which makes one wonder, do they always necessarily take due care in protecting your data?

While many businesses are responsible and do invest efforts in cybersecurity (and there is definitely a shortage in talent), as evidenced by the massive data breaches occurring in recent years, there is a problem. Also, there are ways some businesses simply do not take care of customer information the way they probably should.

Lack of Security

Security is a costly investment for a business, but it does not produce any revenue, so information security is sometimes cast aside as a lower priority in favor of other processes such as sales and marketing, especially if budgets are limited.

While in 2015 information security is taken more seriously than it had been in the past, unfortunately many business still do not, or cannot, exercise care in providing adequate security for consumer data.

Data security
Credit: Senator Mark Warner via Flickr/CC by 2.0 with Attribution

Data breaches are a common occurrence, either through accidental exposure or through exploitive methods employed by hackers. A business that does not tighten its internal security measures and vigorously maintain these processes put customers and/or other consumers at risk.

“When this same characterization shows up time and again, you begin to suspect that some blame-shifting is going on. These claims of sophisticated attacks appear to be intended to demonstrate that typical and accepted security practices were doomed to fail. The truth, however, is that these attacks seem sophisticated only when you compare them to the unsophisticated security programs that fail to defend against them,” writes Ira Winkler in an article published on Computerworld in February 2015. [1]

This isn't to say a breach can't happen to a protected company, it's simply the risks are far higher for those that do not employ adequate security measures to safeguard your data.

Lazy Disposal of Data

This is connected to lack of security, but some businesses are even more careless with their customers' data. It is one thing to either not understand security or be struggling to keep up with the bad guys, but it is another thing entirely to be reckless with data.

Consider an incident in 2012 where a bank that allegedly dumped its trash without shredding these documents. [2] For at least one family, this led to suspected identity theft. To prove the incident, a family member of the alleged victim went to the bank's dumpsters and was astonished to find documents in the bin that included names, addresses, bank account and routing information; even employee schedules and bank opening procedures were reportedly carelessly tossed away.

This incident begs the question, how many other companies/organizations do not shred discarded documents?

[ Related reading: Is Your Trash Can a Treasure Chest for Identity Thieves? ]

Man peering into dumpster
Credit: Nate Grigg (nateOne on Flickr)/CC by 2.0 with Attribution

"Dumpster diving" is still very relevant in today's digital world. Many thieves do scour trash to find potential treasures.

Sharing with Third Parties

This is a sticky one because many people agree to these terms and may not even be aware they've granted permission for their data to be shared.  Most businesses these days protect themselves by including information sharing requirements in their terms of service or contractual agreements.

These terms are often, except where required by law, in favor of the business. It is lucrative for companies to be able to share information with affiliates, partners and other entities.  Some companies likely won't risk alienating customers, but others will go for the profit.

“If [business owners] use customer data like a mailing list, then they spam,” says Jeff Tanner, professor of marketing at Baylor University, in an article published by Entrepreneur. “If they use data to have an intelligent conversation that includes relevant offers, then they become a preferred partner. You might be able to sell access to your customer list, but no customer will want to stay with you once they figure that out.”  [5]

Consumers that do not read their terms carefully may be surprised down the road to hear their information has been sold or given away to other companies.

Collect More Information than Needed

Businesses do need to collect a level of customer data in order to process transactions. Also, often in exchange for certain perks or higher degrees of personalization, companies collect additional data to entice consumers to share even more information.

Consumers that want to protect themselves should limit the amount of data given and, if you feel information isn't necessary to do business, question why it is being collected.  For instance, many medical offices frequently ask patients for Social Security numbers. Many insurance companies no longer use SSNs as identifiers and are not needed in order to process claims, so this is not-needed information, but it's still of value to a business. Patients that leave this field blank on forms are often not questioned (I do it all the time), yet some doctors' offices still keep this field on the form. Why even have it there?

ID Theft
Credit: Creative Commons License CC by 2.0

Bottom line, it is a good idea to always question any information asked for by a business, and/or if any type of request makes you feel uncomfortable.

Businesses today have a responsibility to protect consumer data. There are some laws in the United States, such as HIPAA, that require due care (in this instance the law relates to the medical industry). [3] Additionally, there are frequently suggested laws that go through the legislative process to address consumer data protection. However, it is important to keep in mind that technology progresses much faster than the legal process and it is difficult for laws to keep up the same pace.

Many businesses do exercise care in protecting consumer data, but if the massive data breaches in recent years are an indicator, there are still too many that do not employ adequate protection. Or there are breach problems with third party vendors used, such as what occurred in the 2013 Target data breach.

Consumer data is valuable and businesses strive to collect it, but may or may not work hard to protect this asset. Always be vigilant in what information you share. 

[ Related reading: Hot Job Opportunities: Cybersecurity ]