Shopper Marketing - October 2016 - 32
VIRTUAL ROUNDTABLE: DATA SECURITY
"Vulnerabilities can stem from insufficient
hardware and software tools, and also employees'
risky behaviors while using the internet."
Tulay Girard, Penn State Altoona
they hope to gain access to financial information.
Target's attacker used a contractor's portal
as a point of entry and eventually got to the
POS systems, so could a bad guy breach a
shopper marketing database and worm his
way to consumers' financial data?
RON LUNDE: Yes, someone's purchase history
can be a back door to credit card information
- unless there's a lock on that door. Remember 33 rpm records? You put the needle on the
edge and it went all the way to the inner edge.
That, in essence, is what a hard drive disk does,
so once someone is in the system, he can start
on the outer edge and work toward the inner
edge to find information. Now, a hacker doesn't
care who you are; he just wants your credit card
number. And once he has that, he doesn't care
if you like Hershey bars instead of Mars bars, but
that may be his point of entry.
The way retailers are collecting, storing
and using data, what are some of the
TULAY GIRARD: Vulnerabilities can stem from
insufficient hardware and software tools, and
also employees' risky behaviors while using the
internet. One click is all it takes for malware to
take over a computer or server if sufficient security
software programs and a firewall are not in
place and updated. Customer data really needs
to be protected on a different server than the
one that employees use to check emails and
use the internet. Customer data can be backed
up to a storage space that is connected to the
internet only when necessary.
There's HIPAA to safeguard people's health
data. Is there a law governing how retailers
collect, store and use consumers' personal
FERNANDO BOHORQUEZ: Yes and no. There
is no one consumer federal privacy law. Instead,
we have a broad consumer protection law under
the Federal Trade Commission Act that generally prohibits deceptive and unfair trade practices
applicable to consumer privacy, and a system
of federal statutes that target industry sectors
and specific commercial activities. These federal
laws overlap with numerous consumer privacy
and data security state laws and regulations and
various industry self-regulatory programs.
The Federal Trade Commission has brought
dozens of actions against companies for misleading privacy and unfair data security practices and issued several consumer privacy and data
security best practices reports. The two basic
guideposts retailers can glean from these FTC
privacy actions and reports are, number one, if