This week, some Wells Fargo customers in South Carolina and Florida got a nasty surprise. Turns out, a "malfunctioning printer" printed multiple customers' account information (including transactions and, in some cases, Social Security numbers) on the pages of other customers' statements.
The number of customers affected hasn't been made public -- a real misstep in my opinion, and one which renders Wells Fargo's public apology rather hollow sounding. Remember: Transparency is a key factor in gaining consumer trust in the era of personal identity management.
Aside from the bank's public handling of the matter, though, there's another important issue. Too often, when organizations talk to us about security and privacy, they're focused on digital data. But the truth is, there is plenty of analog data that follows individuals around, from in-store transactions and personal trainer visits to, yup, mailed bank statements. It's not enough for firms to spend millions of dollars protecting consumers' digital footprints if they're not also thinking about both inbound and outbound uses of offline data.
Does your organization have discipline and governance around the way offline data is captured, managed, and disseminated?
It has been a few years since Forrester delved deeply into the issues surrounding consumer privacy, and in that time, an awful lot has changed:
Facebook Connect, Google ID, Yahoo Identity, and Sign In With Twitter have emerged as a whole new way of being recognized across a myriad of websites on the Net. As little as a decade ago, most adults online couldn’t have imagined the convenience of single sign-on.
At the same time, data capture methods have not only proliferated but have also become exceptionally sophisticated. Tactics like Flash-based cookies and deep packet sniffing surreptitiously collect behavioral data about online consumers, while loyalty and membership cards provide more insight into consumers’ purchasing habits at the line-item level than ever before.
All that extra data is hard to protect without big changes to governance policies and technology stacks, and when data breaches happen, they're public and ugly.
Finally, legislators have forged ahead with regulations to protect consumer data. Europe's answer is the Data Protection Directive – a regulatory framework that governs the capture, management, and use of consumer data – while in the US, congressional leaders, egged on by consumer advocacy groups, are introducing bills designed to limit data capture and to provide remediation in cases of data and security breaches.