Protecting consumer data is key – but organisations must do more to show it

The past year has confirmed that the digital age is now a fundamental part of our everyday reality. But with a record £479 million lost to increasingly sophisticated online scams in the UK alone last year, protecting consumer data from cyber criminals has never been more critical.

That’s why the recent exposure of 530 million Facebook users’ data – including 11 million in the UK – should be a massive wake-up call for consumers and organisations alike. The sheer scale of the breach highlights the importance, and vulnerability, of customers’ privacy, particularly at the hands of big corporations. The role of online platforms in protecting customer data must evolve – and this requires governance of existing consumer data and a reduced requirement for its collection.

Who has access to what?

Consumer data will always be around, and even if personal information like location and contact information happens to be a few years old, this doesn’t make it any less valuable to a hacker who can correlate information across accounts to look for entry points. It’s crucial that this data is identified, and that access to it is governed appropriately on a purely need-to-know basis.

Data such as a phone number might seem to be nothing more than a nuisance resulting in a flurry of spam calls, but this can quickly translate into something far more serious. Targeted SIM-jacking and impersonation scams, for example, have the potential to weaken existing security controls like multi-factor authentication via mobile devices – often the main security measure companies have in place.

Cutting back on data

The other key initiative is minimising the demands for data collection from consumers. Companies must abandon the mindset that you can never have enough data. Limiting the personal information collected to only what is absolutely necessary will reduce the attack surface for the organisation, and ultimately make it harder for a hacker to succeed. This is inherently linked with better data governance – a smaller amount of customers’ personal information is far easier to manage and keep secure.

As our reliance on digital continues to grow, organisations have a responsibility to make it common practice for users to share only what is necessary in order to use a service. No more, no less. The rise of digital identity, the ubiquity of mobile devices, and standards such as verifiable credentials seek to make this long-term goal a reality. This should be the default approach taken by businesses.

Wake-up call

This is not the first or last data leak, but because of the severity of the breach, and the big name associated with it, people are paying attention. Our own research suggests greater awareness around data privacy is paramount. As many as 24% of Brits have shared work passwords with a partner or family member during the pandemic, increasing the risk of these falling into the wrong hands and opening up the virtual doors to sensitive information.

Trust lies at the centre of any customer relationship, and breaches can cause significant damage to this in the long-term. Organisations must be able to demonstrate that their customers’ privacy is key – and this requires good governance and less data collection in the first place.

Written by Stephen Bradford, senior vice-president EMEA at SailPoint
