Back in 2013, when Target was hacked, clients received notifications stating that cybercriminals and hackers had forced their way into Target systems and stolen guest data, including credit card and debit card credentials. The announcement further noted that affected clients' personal details, such as email ID, mailing address, phone number and name, might also have been taken during the data breach. However, what struck officials and the Defense Department as odd is that, despite the data breach being a sensitive topic, Target did not alert the victims about their personal shopping history and customer profiles having been stolen.
When publications began to expose Target's extensive data collection and analysis practices, they ran stories on how the company had leveraged statistics to generate data on, for instance, consumers who were pregnant.
Cut to today: almost every large customer-facing or consumer-oriented company maintains extensive records of its clients' and customers' details. These could include personal credentials, sensitive financial data, customer records and other information from which conclusions can be drawn about customers' health, requirements and habits, along with other personal and confidential information that can be used for financial gain.
Scarily enough, this data can also reveal an individual's ethnicity, job history, the publications they read, whether they have ever declared bankruptcy or been divorced, their educational qualifications, the kind of topics they browse online, their preferences in consumer products and more. So, if this data is available, it can be stolen and used for nefarious purposes.
Data Breaches and Protecting Confidential Documents and Customer Data
Going back to Target, when the data was hacked, this extensive information regarding an individual may also have been taken. While the company assured its customers that PIN numbers were not jeopardized, there was no indication that the victims' shopping histories were taken, since it was not stated in the notification.
Today, while we think that health information is safeguarded, you may be surprised to know that it is protected only in specific contexts. In 2016, when HIPAA was introduced, numerous technologies, including wearable fitness trackers and social media sites where people share health information through social networks and other applications, did not exist. Today, however, there are a growing number of websites and apps that permit people to log in to view their health information in order to monitor and analyze their eating habits, sleeping patterns and even blood sugar.
Various new health data websites also provide information and send out notifications with helpful tips on multiple conditions and medications. Over the years, millions of people using wearable devices, as well as online users, have entered information regarding their weight, diet, exercise routine, health symptoms and various health indicators on websites.
Not too long ago, Google had run a service known as Google Health. This application motivated users to store health information in the cloud. On its online FAQs, one such piece of information stood out:
Question and Answer
Q – Does HIPAA cover Google Health?
A – Because Google Health is not regulated by HIPAA the way a doctor or health plan is, Google is only connected to the user and has a primary relationship with them. In this regard, it does not store any information on behalf of healthcare providers.
Given the numerous gaps in regulations, sometimes unapproved disclosures of medical data or health information may not be subject to data breach notification regulations. In other words, if the data is stolen from your cloud provider, you may not be informed about it, as the health provider may not be required to notify you.
Protecting customer data from piracy and data breaches is the responsibility of every customer-facing organization. How can organizations protect confidential documents and data? Organizations must carefully consider the security risks and challenges attached to the data they store, as well as the threats inside and around them. The most significant and immediate risk is compromised information. An attack on an organization's server could reveal business and customer information that could put the organization's customers, employees, and even the organization itself at risk.
There are two primary ways that an attack could affect your organization’s confidential documents and sensitive data:
- Your own employees accessing your organization’s data could potentially compromise your sensitive documents and data.
- Data loss and unauthorized use of documents and information could occur through the actions of third parties accessing your data.
Safeguarding confidential documents and sensitive data is crucial not only to prevent litigation but also to keep your business from going under. Digital rights management (DRM) is a proven document security and data protection technology that takes the safety of your information seriously by controlling both access to and use of confidential and sensitive information. Through DRM, you can securely share documents and enforce location, device, expiry and usage controls regardless of where your data lies. It encrypts your data and uses multiple levels of access controls to protect confidential documents and data from misuse. Documents can be watermarked, tracked and instantly revoked at any time so that you can be assured your confidential and sensitive information is always under your control.