Occasionally, we get questions about why we use weird passwords, why everyone
needs their own login and why we do not use an easier method of processing
credit cards in Webtix. Well, recently we received this postcard about a class action suit against one of our competitors about identity theft losses:
It looks like someone got into the database and the data – which included credit card numbers. There are other allegations that the customer’s information was sold to various marketing companies – disregarding their promise not to do so.
What does this mean for you? It means we will continue to keep your data as secure as we can. But that is only part of the problem. You need to take care and protect the data for your customers.
This is part of the way things have to work. An accounting program that kept all customer data permanently locked up would not be of any value. You would not be able to contact your customers or get reports. A compromise has to be made.
In our case, we use the concept of the phone book. Everyone has a name, address, and phone number in the phone book. Very few people object (by getting an unlisted number). Email address are a similarly sensitive piece of information. That is all we keep. If an outsider hacks into the database, they will get this information. But, since it is public information, it will be of little practical value. No one can steal credit card information because we do not keep any of it.
This is what we do. You have a part as well. This is your data and your customers. You need to be aware of their wishes.
Here’s where we get into the gray area.
Part of the allegations in this case concerned selling customers’ data. This is valuable stuff. Even though it is not used for anything illegal, it can be used for targeted marketing, which is perfectly legal. Many of our Webtix customers use Google Analytics. This is a valuable tool, provided by Google and it is free. It is also a (small) invasion of privacy. Your customers will probably not object to this. It benefits you. And they do support you and your organization. If they don’t, you should get out of this business.
But if you sell your mailing list and customer history to a marketing company, your customers will object. You may not be sued. But you will have lost the trust of your customers.
Sharing your mailing list with other organizations in your area is fine – as long as your customers know. Make sure you have an agreement as to what the list will be used for.
Another gray area is where our government is actively making holes in the security we use to protect ourselves. They say it is for our protection. Don’t believe them. It is only a matter of time before criminals use the same vulnerabilities.
In conclusion:
Take care of your data. Being contacted by a lawyer can ruin your whole day.