Protecting Customer Privacy: Security Breaches Best Practices

We’ve all read the growing number of headlines; data security breaches have become an all-too-common plague of the 21^st century. From banks and large retailers, to national and local government agencies, organizations of all sizes are at greater risk than ever before.

The consequences of a data breach are also on the rise. For small businesses, it’s estimated that in 2015 a data breach could cost up to $475,000—more than two and a half times 2014’s estimate of up to $175,000¹, according to a recent survey conducted in the UK by PricewaterhouseCoopers. The cost of customer notification alone can be enough to do a small company irreparable financial harm.

Yet more than 85 percent of small and medium-sized businesses (SMBs) are not providing the baseline level of data privacy protections for transactional communications with clients and customers. These include bills, patient reports, and similar documents. Such communications carry sensitive, valuable information that people trust the business will protect. Businesses must also comply with an increasing number of regulations surrounding data protection, which are growing increasingly complex.

Millions of checks, statements, insurance notices, healthcare records and other documents containing private information are exchanged by SMBs every day. These businesses have a legal and a moral requirement to protect their customer data, and changing customer preferences for receiving information add to the challenge. With all this as background, SMBs need to apply the highest levels of privacy safeguards possible with all their customer information.

When it comes to data protection, most businesses think largely of their digital information. Safeguarding digital data clearly poses many compliance challenges—and many of the high-profile cases of data breaches revolved around digital communications.

But the fact is, almost a quarter of security breaches involve accessing private data in paper-based form. And many types of printed transactional communications, such as notices, statements, tax invoices, etc., are subject to the same regulations as electronic data. This means it’s critical for SMBs to manage, maintain and protect their data in both digital and physical forms.

Physical communications can contain some of the most sensitive information on individuals, creating a very real need to enhance data security, protect customers and achieve compliance. Yet these communications are subject to some common risks:

Human error during the time-intensive, manual preparation of high-volume transactional mailings
Inaccurately addressed transactional documents that are returned or remain undelivered
Intentional mail interception by staff during the mail production process in order to source customer data
Fraud, deliberately diverting post to alternate addresses
Theft of physical documents

Although data held in physical format is as high a security risk as digital data, it requires an entirely different strategic approach to its management. There are many methods to secure stored physical documents, but when an SMB is constantly generating physical communications, the fluid movement of those documents poses a major challenge. To address this and maintain data security and compliance, businesses must build safeguards from the earliest stages of a document’s creation, by rolling out watertight Document Integrity processes and systems.

Between human error and malicious employees, the majority of data breaches originate inside a company’s walls. Unfortunately, employees and negligence remain the leading cause of security incidents representing more than 50 percent of data security breaches in the last year.

The objective of Document Integrity is to ensure that document processes generate sound, correct and valid documents. From document creation through to print output and mail, every stage is specifically designed to protect data and achieve compliance. Document Integrity also enables businesses to provide evidence that appropriate best practices, processes and controls are in place.

Document Integrity can ensure a high degree of data protection. With mailing, for example, private information can be inserted into the envelope without risk of being compromised by human handling. Inaccurate information, duplication of paperwork and missing content is also eliminated. In addition to protecting your customers’ privacy, Document Integrity also delivers financial benefits:

Reduced processing costs compared to manual handling
Cost of returned and undelivered communications eliminated
Minimized risk of financial penalties for non-compliance
No reduction in Customer Lifetime Value from people leaving when their data is compromised

Document Integrity requires a thoughtful and diligent approach, ideally combining File Based Processing with industry best practices. File Based Processing is a more effective alternative to traditional inserter control through direct scanning, providing the highest level of data security, with proof that every customer’s mail piece was assembled correctly. File Based Processing maximizes accuracy without sacrificing production speed, letting organizations know what is happening at any time during the mail run. It also quickly identifies and fixes errors and provides an audit trail for every page processed.

Until recently, File Based Processing was used almost exclusively in high-volume production environments. With advances in technology and new innovations, File Based Processing has become accessible to SMBs.

In File Based Processing, a Mail Run Data File (MRDF) containing all records and instructions for a given job allows the inserter to verify the accuracy of every page as it is processed. MRDF instructions tell the inserter precisely what to do with each page. Finally, every page in the end-to-end process is tracked to provide a complete audit trail for the mailing.

File Based Processing creates what’s called “closed loop integrity” for documents, since every part of the communication is verified back to the MRDF for accuracy, security and data privacy, offering the maximum in Document Integrity. New SaaS based solutions can even pull print files from multiple legacy data systems and allow users to add the latest bar coding technology to ensure document integrity across the workflow.

Of course, File Based Processing solutions are not all the same. SMBs should look into four key features.

File definition—Ideally, a system should be able to create a user defined file with site specific elements, for the greatest flexibility and extensibility.
Record format—In general, variable, user defined records will be more flexible and smaller, making them more cost efficient and effective.
Scan capabilities—This describes the system’s ability to identify the document and the lead times available to process the information and prepare the inserter for maximum efficiency.
Reconciliation—This is the ability of the system to initiate a process to regenerate documents damaged in processing, without human intervention.

Ultimately, combining high-performance technology with industry best practices and rolling these out to suppliers, partners and staff, creates a robust protective environment for physical documents. This level of Document Integrity means organizations can protect their physically printed information with the same level of security as their digital data.

For more information about how you can secure your physical data and ensure document integrity for your business, please visit www.pitneybowes.com/us.

¹Source: PWC 2015 Information Security Breaches Survey