Data breaches: should companies be doing more to protect our personal information?

There’s a lot of pressure on people to keep themselves and their data safe. We have to create long, strong, complex passwords with capitals, symbols and numbers, but never use that password for more than one website.

We have to stay alert to the many potential risks of fraud online and in person, and behave cautiously when contacted by anyone pretending to be from a financial provider.

We even have to exercise incredible caution when making large payments to our lawyers or other service providers in case their email system has been compromised and we’re inadvertently transferring our life savings to a criminal.

Yet despite the extensive, elaborate caution that we are responsible for taking, we are still reliant on businesses and companies keeping our sensitive data safe.

And they fail. New research from Which? has shown that almost one in 10 people who have shared their data online believe they have been subject to a data breach in the last year and three-quarters are concerned they are at risk of a leak.

This should not be happening

There have been some absolutely major data leak stories just recently; the news broke in September that credit report giant Equifax had data on up to 143 million customers stolen by hackers.

And the major Yahoo! data breach revealed earlier this year meant that all three billion of its user accounts were affected, although the stolen data didn’t include passwords or payment details.

But those are the massive disaster movie stories. At the other, less-reported end there’s a constant flood of firms admitting they failed to keep their customers safe.

For example, Pizza Hut revealed last month that its website and app had been hacked, potentially compromising data including delivery addresses and card numbers.

And Wonga revealed in the spring that a data breach may have compromised the financial information of up to 245,000 UK customers.

Frankly, you should be able to use your email, order a pizza and manage your money without the risk of a data leak.

Corporate responsibility

As customers, we need to demand that firms keep our data safe but also that they innovate to make it easier for us to protect ourselves.

They are the businesses with the innovation and research budgets, after all; they need to make us a priority.

Emma Mohan-Satta, fraud prevention consultant at Kaspersky Lab, told me: “Financial providers need to continue investing and researching to ensure they are using fraud prevention solutions that are keeping up and keeping their customers protected.

“As new technology emerges it’s important that financial providers also think about options for making the digital experience easy for customers while still protecting them from fraud; for example behavioural biometrics can be a great ‘invisible’ indicator of whether the genuine customer is accessing the account but doesn’t require any additional action from the customer themselves.

“Financial providers should also educate customers on the latest attacks and offer advice on how to safely use online and mobile services so that consumers can be better informed and help in keeping themselves protected.”

Too right. More responsibility for them and more information and education for us. It is the only way we will keep safe from fraudsters.

What’s more, that education needs to include the major changes coming next year. Research from Exonar shows that 70% of British people don’t know that from May 2018 new EU privacy laws mean that we all have more control over what data is held.

We will have greater rights over how much data is held by firms and even have the right to be forgotten. Firms need to ensure their customers understand their new rights before they come into force.

That’s especially true given that:

It’s just getting worse

You might like to think that there’s steady, ongoing improvement in the fight against data criminals. After all, surely firms are getting better at securing sensitive information and customers are increasingly good at staying clear of compromising situations.

However, according to the US-based Breach Level Index, a global assessment of compromised data records, there were more data breaches in the first six months of 2017 than in the whole of 2016.

In fact, in the first half of this year there were 1.9 billion data records compromised worldwide.

The data provided by the index is staggering. Less than 1% of the stolen, compromised or lost records were encrypted. Encryption would mean the thieves would be unable to use the data.

In the half-year report, created by the company behind the index, Gemalto, the message was clear – poor internal security is helping fuel the rise in data theft.

Let’s be frank, it doesn’t matter how great our passwords are if the businesses we share our data with don’t do enough to protect our data at their end.

So what could be done?

We have to hit firms in the pocket; it’s the only place that hurts them.

In the last few days, Which? has called for the current Data Protection Bill going through parliament to be amended to allow independent organisations to assist customers in gaining collective redress.

Which? spokesperson Alex Neill said: “Data breaches are now more commonplace and yet many people have no idea what to do or who to turn to when their personal data is compromised.

“The Government should use the Data Protection Bill to give independent bodies the power to seek collective redress on behalf of consumers when a company has failed to take sufficient action following a data breach.”

Doing so would certainly be a good start.

And finally

One last thought. It may seem as if everything is done electronically and online now. However, we are still at the beginning of our connected, digital era.

In the future, cars will be connected to one another, medical records will be connected via the web, even our smart houses and appliances will have an online presence.

Without far more serious action on the part of companies to keep our data safe and make that a priority, we face a future with even more fraud and all the resulting frustration, wasted time and lost money.