By Marc-Anthony Signorino, IDESG Executive Director
While we in the identity/privacy/security world take time today to celebrate rock star organizations that promote the very best practices in consumer data privacy, we also should remember those who – not for lack of trying – tripped and face-planted on the red carpet of privacy. As you read this, untold companies around the world are quietly trying to deal with the cost (and embarrassment) of large-scale data breaches that have exposed their customers’ most sensitive information.
The U.S. Bureau of Justice Statistics estimates that, in 2014, 85% of Americans took steps to protect themselves from identity theft, yet 90% of identity theft victims knew nothing of their offender and most hadn’t a clue how their information came to be exposed in the first place. So while a majority of Americans are concerned enough about identity theft to utilize the protection tools at their disposal, their battle is an uphill one, in the pitch dark.
The worst part? Often, identity theft is unwittingly enabled by the businesses that customers or employees have voluntarily entrusted with their personal information (oh, Rational Choice Theory... ‘tis a tangled web we weave). From Target’s $252 million dollar breach, to the public shaming of Ashley Madison users, to Sony executives’ losing (and down-right weird) battle with North Korea over “free speech,” it’s become clear that companies must proactively and aggressively protect the personal information with which they’ve been entrusted – lest they feel inclined to forfeit their customers’ and investors’ trust and loyalty, along with a boatload of cash, future revenue and overall reputation in the marketplace.
So how can a company protect the identifying information it has stored? That’s a bit of a trick question, as the Identity Ecosystem is in constant evolution. The most strategic and cost effective methods of navigating risk in identity management can vary by industry and organizational need, as well as corporate leaders’ knowledge and understanding of available solutions. This is where the Identity Ecosystem Framework Self-Assessment Listing Service (SALS) will shine. Slated to launch in the spring of 2016, the IDESG’s voluntary registry will enable companies to independently compare their identity management methods against common practices. The SALS will be an entirely voluntary listing service that creates an opportunity for businesses conducting online transactions to not only highlight their own best practices, but also to connect with like-minded organizations. At its heart, SALS is designed to build trust online – bringing businesses and consumers a peace of mind.
Join us in making sure everyone makes it to the top of the red carpet next year!