Do You Know Where Your Customer Data Is?


Data about customer preferences and behavior is a critical resource to a data-driven organization. Greater insights into what motivates and matters to customers help organizations build loyalty by tailoring experiences to their customers’ needs. Personalization done right builds long lasting relationships and affinity. But, personalization at the expense of privacy can forever break trust between a company and its customer. Knowing where a customer’s data resides is the first step in ensuring that a customer’s data is properly protected against theft, loss and misuse.

More Data More Problems

In the information security world, the general principle holds that you can’t protect what you can’t see. In the insurance world, the general principle holds that if you can’t identify the risks, you can’t assess your liability. But if large organizations are going to be able to balance their hunger for more personal data with the breach and privacy liability of accumulating more personal information, they will need to take stock of what personal data they have.

According to research by IDC and other sources, as much as 75% of digital data created every year is personal data. As the number of digital touch points where a business can engage a customer grows, companies find themselves collecting all kinds of personal information about their customer beyond just their preferred credit card number.

Today businesses capture data on personal preferences, habits, relationships, health and even intentions. The consequences for loss or misuse of this personal information can have dire consequences to an enterprise: lost revenue, costly remediation, class action or crippling regulator penalties. And when an enterprise loses or misuses its customer data, it also loses that customer’s trust and loyalty.

But since enterprises touch customers across so many digital channels they rarely have a good handle over where a user’s personal information resides. Even for something as guarded as payment information, rarely do companies have complete knowledge of the data’s location. According to a study commissioned by Gemalto, the majority of companies (55% of respondents) do not know where their payment data is located. As the definition of personal identifiable information (PII) has expanded beyond credentials and payment card information (PCI) the problem has only grow worse.

Its About Location, Location, Location

Knowing where a person’s information resides is the first step to protecting that information and meeting new privacy regulations. Clearly you can’t protect what you can’t find which is why having an inventory of the data is a necessary first step to understanding the risk of loss and detection of usage violations. Moreover, knowing location is essential for satisfying residency, right-to-access and right-to-be-forgotten privacy regulations.

For the data-driven enterprise customer data is the most critical asset of all. Enterprise have long worried about managing physical assets like PCs and mobile phones. But losing a PC won’t destroy an enterprises’ business or brand. Losing or misusing customer data could. Protecting the privacy of customer data is therefore essential. But you can’t protect what you can’t find.