Confession is good for the soul, but bad for the reputation

Those accused of a crime who plead guilty can expect a reduced sentence. Likewise, companies admitting to a data security breach or data loss get a reduced fine. In the case of Zurich Insurance, settling a Financial Services Authority investigation early took 30 per cent off the potential fine, saving the company nearly £1 million.

What this latest case of insecure handling of personal data throws into sharp relief is the issue of deterrence versus incentive. The level of FSA fine in this case was eye-watering enough at £2.275 million or nearly £50 for every record involved. Given the relatively low margins on general insurance products, that could be enough to turn every one of the accounts involved loss-making.

Those customers would argue that they have been put at risk by the insurer – ironically, given the nature of the product involved – and the consequences could have been much more severe. Fifty pounds is what ten credit card records might fetch on the black market, with a fraudster likely to net thousands of pounds if this data were to have been found and put to improper use.

So is the scale of the penalty enough to encourage others to review their data security and processes? Gaps in these are what let Zurich down, with the year during which it remained unaware of the data loss probably the most telling aspect of this incident. How many other major data controllers in the financial services sector could themselves be in breach of FSA rules on data without knowing about it?

With the Information Commissioner yet to use his enhanced powers against anybody, data users across all sectors might be driven by fear of fines to tighten up their own processes. After all, that is the point of regulation and enforcement. The ICO has shown a softer side by talking up the need to report breaches and losses early to mitigate penalties later – like a priest giving an easier penance for a quick confession.

The question is whether companies will see these discounts as an incentive to admit problems. Or will the reputational damage that arises from the publicity in such cases be a bigger concern? After all, as long as the brand remains an asset on the balance sheet and the database does not, it is clear which will be handled with the most care.
