It was with interest that I read today about the possibility of a large number of customers social security numbers (an important number in the USA, akin to the TFN number in Australia) being inappropriately disclosed on the outside of an envelope to the customers.
The risks surrounding privacy of customer information have always ranked as one of the highest and most important risks for all organisations, and it is therefore amazing to read about such incidents. What we always forget in managing this risk is that the real underlying risk is the human error potential surrounding the risk being realised.
So, in managing the risk surrounding privacy, we should not just focus on making sure our systems encrypt and secure the data but also look at the “simple” way we use data and ensure every time we extract data and use it, we think of the privacy elements of the data being used.
Sounds obvious and simple, but alas seems to always come back in some story or article around customer information being used incorrectly.
Cheers,