That’s right. I, Morgan Wright, am serving notice on you that I am firing you from this one job that puts you at extreme risk. You’re done. Finito. End of the line. Sacked. Let go. Rightsized. Downsized. Provided new job growth opportunities. Whatever you call it, it all means the same.
And what, precisely, is the job you are being unceremoniously fired from? The collection business. “But Morgan, we’re not in the collection business. We’re in the [INSERT TYPE OF BUSINESS HERE].”
No you’re not. You have been in the collection business, gathering tidbits of personally identifiable information along the way. Things like dates of birth (do you run a birthday club?), social security numbers, bank account and routing info, medical identification numbers, Medicare/Medicaid numbers, pet names, favorite colors, children’s dates of birth, spouse’s date of birth…and the list goes on.
Don’t forget credit data. That’s a good one too.
The esteemed Wall Street Journal published a post a couple of years back. But don’t let the age fool you. It’s spot on with some of your terrible practices. Yes – I know. It’s all about Big Data. Yes, I get it. How will you analyze big amounts of data without…data?
What gets mere mortals like you and me into trouble is not that we’re collecting it. It’s that we’re keeping it way too long. According to the WSJ blog post:
Chasing the promises of Big Data, and enabled by cheap storage, CIOs have gotten in the habit of holding onto consumer data for unknown future purposes, said Gerald Ferguson, a data privacy attorney at the law firm Baker & Hostetler LLP. That customer data may be laying dormant across dozens of systems, like payment and marketing platforms. To lower Big Data risks, Mr. Ferguson says, companies should maintain an inventory of what personal data is stored and why and if there isn’t a compelling reason to hold onto the information it should be deleted. “Data that you’re storing and not making money off is a liability,” (emphasis added) Mr. Ferguson said.
Now Heal Thyself
Do that audit. Find out what you are legally allowed to collect, and for how long. If there’s no limit, then how long do you really need it for your purposes? If you store credit card numbers on paper – shred them. Now! Most browsers, like Chrome and Safari, encrypt and store credit card data locally on the computer. Do you really need to store that credit card? Is the value of the data worth more than the size of the lawsuit you might face for a data breach? What about birth dates? Why not just go to birth months? No day or year. Tell your customers why you’re doing it. They’ll thank you for it.
Take this one step today. Find out what information you keep on your customers. And why. If there’s no good reason, and no good answer, then delete it starting now.
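One way to run that audit in code, as an added example that is not part of the original post: it classifies each stored field by whether anyone has documented a purpose and a retention limit, then rewrites a customer record so that only justified data survives and the birth date becomes a birth month. The field names, purposes, retention periods and the sample record are all constructed assumptions.

```python
from datetime import date

# Constructed inventory (assumption): field -> (documented purpose, retention days).
# purpose None = nobody can say why it is kept; retention None = no limit set yet.
INVENTORY = {
    "email":         ("order receipts", 730),
    "date_of_birth": ("birthday club", 730),
    "ssn":           (None, None),
    "card_number":   (None, None),
    "pet_name":      (None, None),
}

def audit(inventory):
    """Classify each stored field: keep, delete (no purpose), or needs a limit."""
    findings = {}
    for field, (purpose, retention_days) in inventory.items():
        if purpose is None:
            findings[field] = "delete: no documented purpose"
        elif retention_days is None:
            findings[field] = "review: purpose but no retention limit"
        else:
            findings[field] = "keep"
    return findings

def minimize(record, inventory, today):
    """Return a copy of one customer record holding only what is justified."""
    age_days = (today - record["collected_on"]).days
    out = {"customer_id": record["customer_id"], "collected_on": record["collected_on"]}
    for field, value in record.items():
        purpose, retention_days = inventory.get(field, (None, None))
        if purpose is None:
            continue  # unlisted or unjustified field: drop it
        if retention_days is not None and age_days > retention_days:
            continue  # held longer than the stated limit: drop it
        if field == "date_of_birth":
            out["birth_month"] = value.month  # month only, no day or year
        else:
            out[field] = value
    return out

# Constructed sample record, not real customer data.
SAMPLE = {
    "customer_id": 1001, "collected_on": date(2023, 6, 1),
    "email": "pat@example.com", "date_of_birth": date(1980, 4, 17),
    "ssn": "000-00-0000", "card_number": "4111111111111111", "pet_name": "Rex",
}

if __name__ == "__main__":
    for field, finding in audit(INVENTORY).items():
        print(f"{field:15} {finding}")
    print(minimize(SAMPLE, INVENTORY, today=date(2024, 6, 1)))
```

A field that has a purpose but no retention limit is kept by `minimize` and flagged by `audit` for review, so the gap shows up in the report instead of silently persisting.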
Go ahead. Fire yourself from that mundane and risky job of collecting way too much customer information. Refuse to go along with the ‘big data’ crowd. Give yourself a digital pink slip and sleep better tonight knowing you are no longer contributing to the problem.
A common maxim in data breaches is that there are two types of companies. Those that have been breached, and those that will be. If you ignore this advice, at tremendous peril I might add, then the next words you hear won’t be “You’re fired.” It will be your customer telling that big fancy law firm that specializes in class action litigation…