Over the past two years, retail has suffered more data breaches than any other industry. Security breaches are particularly troubling for retail brands because they often hold a large amount of personal data on customers. This can include their complete shopping history, payment details and delivery details.
Retailers around the world have paid a high price for losing customer data in various breaches. When Target allowed data on 40 million customers to leak, they were fined $18.5m. A 2014 data breach at Home Depot initially cost the retailer $27.25m in compensation payments to customers, but once legal fees and other costs were added up it possibly cost the brand around $179m.
Research by KPMG in 2016 showed that around one in five customers would completely stop shopping with a retailer if the company was hacked and data was stolen. This view still applied even if the retailer had taken immediate action to improve data security and limit any data loss.
It must be tempting for retailers to keep quiet when faced with a data breach, but this approach can be even worse as the betrayal of trust can be extremely damaging. News of the data loss will almost certainly leak, so an open approach is better (providing the breach could not have been prevented, of course).
For companies in Europe, there is an even greater requirement to be vigilant and compliant with data regulations as the EU GDPR (General Data Protection Regulation) rules will be enforced from May 2018. Already law across the EU, but not enforced until next year, the GDPR creates a new approach to data use with a focus on the rights of the customer.
This new compliance regime in Europe and the constant threat of data loss from hacking and social engineering attacks should make all retailers sit up and take notice. Retail data is under attack, from the contact centre to the in-store environment. If you don’t protect the information you have on your customers, then a fine is only the start of your problems – your customers may never return.
What do you think about the new data rules? What else can companies do to recover trust after a breach? Leave a comment here or get in touch via my LinkedIn and let me know.