But is the policy true? No, because your data aren't safe.
Sure, your corporate policy says you won't abuse the data. Fact is, it's easy for abuse to occur. You're at the mercy of your IT staff. They can prevent it from happening -- or make it happen.
Would your competitors like to have a list of your current customers? Has someone on your IT staff already sold it to them?
Would your suppliers like to know your thoughts about their latest pitches? How do you know your email hasn't already been forwarded to them?
If someone wants to abuse data, he must first obtain it. The key to obtaining it lies with someone who has access to it.
Could data abuse happen at your company?
Are your employees happy? Is there about to be a round of layoffs? Have you recently fired anyone? Do you have "disgruntled" workers? Are there other reasons some employees might want to share your data with others?
Any employee with access to your data can do with it as she pleases.
Data stored on someone's computer can be accessed by anyone with the password. Some companies use two-factor security systems. These require the user to enter both a personal password or identification number and a special number generated by a device the user carries when she want to access her computer. The device generates a new number every minute or so.
This two-step security system was used 20 years ago at a super-computer facility that ran simulation exercises for the Department of Defense. You can use a similar method to protect data. Though it won't solve all your safety issues, it can prevent someone from accessing data stored on a specific computer or using a computer to access important data.
Data Warehouse Access
Data stored in a data warehouse can be retrieved by anyone with direct access to the warehouse or an OBDC (define) connection to the warehouse. Different levels of security and access can be set up by the data warehouse administrator.
Is anyone logging or tracking what happens with the data? Do you monitor what data are accessed and by whom? Do you monitor where data files are sent? Do you know who has your data?
Most probably, you don't.
My bet is you have nothing in place to prevent someone from making a copy of your database and delivering it to your competitors or to a third party who might abuse the data.
I know these things because I've seen and heard plenty of examples of data being somewhere it shouldn't. I know CEOs whose email was read, then the information was shared with the wrong people.
I know people who have complete databases from pharmacies that contain customers' prescription records. I know people who could easily commit identity theft hundreds of times, using the names, addresses, and social security numbers they've acquired. In some cases, data warehouse administrators using "standard" data file extraction supplied the data. They just couldn't be bothered to write code to create the required file.
Maybe Important, Maybe Not
All the above may be very important to you, or not at all. It depends on your data's sensitivity. On an individual level, a consumer might think his medical records are extremely private and should never be shared with anyone. On a business level, customer names and addresses might be more valuable than the products those records represent.
Managers at companies that believe their data are valuable must regularly reexamine their privacy policies, whether data are used for marketing or can be shared or distributed.
June 20, 2013
1:00pm ET / 10:00am PT