Wednesday, April 25, 2007

If you're still shopping here, do you mind if we lose your data again?

There's a post at Emergent Chaos about how many customers you may lose if you lose their data more than once. I recently asked if you would still shop at a company that lost your data. These statistics are interesting, as they show that at least in some populations, there is a direct churn rate effect from repeated data loss. The question remains: what about institutions that you're not a customer of, but instead belong to a population that they service.

How is that different? Well, there are organizations like universities and the VA that will retain records on you long after your a bank, credit card company, or other institution would have hopefully destroyed your data. You will always be a graduate of your alma mater, and you will always be a veteran - and they will retain your data. Another group that we have little choice in dealing with is credit monitoring and reporting agencies - a breach of one of the major agencies could have serious repercussions. We've already seen third party processors announce compromises.

How can you protect yourself in this case? The responsibility lies with the data holder, and that is what should concern us - in some of these cases, there is no motivation to retain customers, we have no way to remove our data from their databases, and in many cases, there are few penalties for losing data that isn't protected via legislation. We may at least hear about it thanks to legislation that requires reporting- and that's a start.

No comments: