Data Breeches and Privacy...Painful!
Unless you've been hibernating or completely in a different universe, the word Epsilon, privacy, data breech, and "we're sorry" all in one breath should be familiar. Check your emails, Social Media Networks, Twitterverse, and any other major media outlet if you still are lost by what happened.
Legal issues and high-tech security online. One more thing to keep you up at night.
Anyhow, a massive data (lists mainly) management company had some data taken, which mainly consisted of email addresses used by a variety of companies to send out newsletters, promos, etc. So what do you care about this? Well for starters, you're privacy, and second, the confusion as to how or why someplace called Epsilon had your information to begin with. I'll even add in that you should be paying very careful attention to this if you collect, store, and manage lists of your own; past or present, in-house or via third party.
Many states require you to clearly allow for opt-in, opt-out of anything used to collect customer information, as well as to provide protective (safeguarding this data) and corrective (communicating a breech to all who may be affected) measures. While this may seem daunting, it is easily and simply a matter of due care and due diligence in having the right protection in place to mitigate the effects, as well as a verifiable incident response as well.
How can anyone 100% guarantee that data breeches will not happen? You can't, just as it is impossible to eliminate 100% of any risk. What a person can do is: a) classify sensitive data, b) use a Privacy Impact Assessment to plan for disasters to happen, c) simulate incidents to gauge plan weaknesses, and d) formalize communication path when incidents do happen. Some regulations to become familiar with are Red Flags Rule, GLBA, SB 1386 (California), amongst others.
A critical incident will happen, and while you might not have the defense ability of the Pentagon, you can protect yourself in the event it does happen.
Leaving your business wide open and unprepared is not acceptable nowadays with all the interconnected networks, relationships, and transparency.
A list of some of the companies with data that was compromised:
• Kroger • TiVo • US Bank • JPMorgan Chase • Capital One • Citi • Home Shopping Network (HSN) (added 4/3)
• Ameriprise Financial • LL Bean Visa Card • Lacoste • AbeBooks • Hilton Honors Program • Dillons
• Fred Meyer • Beachbody (Makers of TRX) • TD Ameritrade • Ethan Allen • Eileen Fisher • MoneyGram • TIAA-CREF
• McKinsey & Company • Ritz-Carlton Rewards • Marriott Rewards • New York & Company • Brookstone
• Walgreens • The College Board (added 4/3 @8:20am) • Disney Destinations • Best Buy • Robert Half
• Target • QFC • bebe Stores • Ralphs • Fry's • 1-800-Flowers • Red Roof Inn • King Soopers • Air Miles
• Eddie Bauer
A lot of household names and big time retailers.
Google and Facebook. Your own small business. Did this get your attention?













