Shopper Marketing - October 2016 - 34
VIRTUAL ROUNDTABLE: DATA SECURITY
" Someone's purchase history can be a back door
to credit card information - unless there's a lock
on that door."
Ron Lunde, The Lunde Co.
you make a material change to your policy you
should give consumers notice of the change and
an opportunity to opt out. Number two, retailers
collecting and storing consumer personal information should have in place reasonable data security measures as well as an incident response
plan when those measures are breached.
Staying current with technology seems like
a reasonable security measure. Are retailers
on top of this?
HERTENSTEIN: I think security for most IT departments is an important issue. They are aware
of it, they are working on it, and when they're
vetting vendors to upgrade systems, what security precautions are in place is a question they
ask. But there's also the budget to consider. You
have to keep upgrading your IT system over
time, but you're not just going to throw out an
entire system and bring in a new one tomorrow
because it has new security features.
HECKMAN: Retailers have a lot of catching up
to do. Several major retailers haven't installed
chip card readers. Walmart made a strong push
to roll out that technology in their stores, but
other retailers are pushing it off. There's a tremendous amount of exposure out there just
because retailers have not invested in updating
y SHOPPER MARKETING OCTOBER 2016
You'd think the recent spate of breaches
would have retailers on their toes, but
are they instead exhibiting what security
industry experts call cyber fatigue?
HECKMAN: I do think there's a general feeling of complacency in the retail industry when
it comes to allocating dollars to security just
because we tend to be so reactive to the dayto-day rigors of staying competitive. Investing
in security and taking the extra steps to make
sure customer data is protected doesn't show
an ROI. It's not discussed until there's a problem
and you've lost market share and revenues due
to a data breach. It needs to be talked about
and there needs to be somebody in the organization whose job it is to make sure the systems
are being updated commensurate with the sophistication of the criminal element that's trying to get into them.
Who owns shopper data and who has access
to the data?
HERTENSTEIN: The retailer owns the data. In
some cases they will allow people to utilize the
data for analytics purposes. In other cases retailers do cooperative programs with manufacturers. There are a lot of different ways retailers
will allow access to data for specific programs
HECKMAN: What retailers typically do is give