APRPEH: Data Breaches and Customer Loyalty

12 December 2008

Data Breaches and Customer Loyalty

Below is a discussion concerning whether or not businesses or organizations suffer any consumer based ramifications from a data breach. Here is my two cents. As the Stillsecure blog alludes to, breaches need to be defined based upon what was lost. There is a huge difference between losing sales based information ie. credit card or debit card account information (further sub-divided by adding checking account routing and account numbers) and actual personal identifying information (PII). One way to think about the loyalty question is to frame it within an understanding of the consequences to the consumer. When credit card or debit card numbers are lost in a breach what typically happens? Either the consumer or pro-actively the credit card issuer will cancel the card and mail the consumer a new one. Big deal. This is a minor cost to the consumer and while it may be an inconvenience, it will hardly affect the behavior of too many consumers.

Let's face it. Financial data is free flowing and many hands touch it. A consumer should expect that his/her credit and debit information will be stolen a few times during their adult life. If the credit or debit information were actually used, that is a slightly greater inconvenience. The consumer calls the issuer, denies knowing about the transaction and in 95% of the cases the charge to the consumer is written off as fraud. This still doesn't affect the loyalty too much. Throw in some credit monitoring and most consumers have very little reason to be concerned.

Now, what if what was lost was PII or medical records or tax/employment earnings records? That is a totally different matter, one which generates anger and fear in the minds of customers and yes brings to question loyalty. Is there another vendor I could patronize instead of the one who didn't take proper pre-cautions to guard my information? I have a cartoon on my desk which reads "I didn't say it was your fault. I said I'm going to blame it on you". Whether or not the data management of the organization was well crafted or not, the impression is that 'you lost it, its your fault' despite what could have been the best efforts of the organization to protect their records. And if the breach results in identity theft victims, the affected company had better prepare itself to cover the expense of identity restoration. While it does indeed matter what the relationship between the consumer and organization was before the breach, chances are the affected consumer is still going to re-think his/her relationship with the company after becoming a victim of fraud which is tied back to the organization's breach.

But this is business. An organization which experiences a data breach of PII MUST REACT PROPERLY, QUICKLY AND EFFECTIVELY by notifying the affected consumers and offering them some sort of compensation. This action is only partly to reduce the liability which could result in class action suits, but also Attorney General investigations. Call me cynical, but reacting properly to the breach is more important for the customers that you do not as of yet have than for the customers that the business currently has. Re-building reputation is potentially far more expensive than the costs of a proper response to data breach.

Do data breaches really cost companies customers? - Still Secure After All These Years Blog

Adam Dodge writing on the Security Catalyst blog (another great SBN member site) writes about how data breaches have a substantial impact on companies losing customers. Adam points out that nothing will make a company take security more seriously than hits to the bottom line. Adam cites two recent studies to prove how data breaches make customers lose faith in the breached companies and how a substantial amount (30% or more) terminate their relationship.

I don't buy this for a second. In fact I think for many kinds of breaches, it doesn't effect bottom line or customer loyalty at all. DSW Shoes,TJX, Best Buy - none of these retailers had any lingering effect to the bottom line or their stock prices as a result of data breaches. Adam's evidence from two studies are both sponsored by companies that make their living in id management and identity protection. These are hardly neutral parties.

I can understand if the data breach was your banking institution, but when it comes to retail at least, I don't think people stop shopping there. That is not to say that they don't get upset and on a short term basis bitch and moan about it. But long term the next time DSW has shoes on sale or Best Buy is running a great deal on HD TV, consumers will be lining up to buy. Also the fact that stock prices are not effected is not lost on executive management of these companies.

The fact is until there are real hits to the bottom line from these high profile breaches, as a business plan it may be cheaper to absorb the cost of a breach than to try to lock it down and prevent them.

* The two studies Adam mentions are here:

Javelin Research

Ponemon Study

What Words Offend Arabs? The Truth.

Children's Poetry Booklet Recalled After Arabs Complain
(Israeli censorship kowtows to Arabs.
When Will We Tell The Truth Without Fear)

(IsraelNN.com 7 Sivan 5768/June 10, '08) Ynet's web site and Arab complaints against a ten-year-old boy's poem about terrorists has resulted in the recall of all of the Nes Ziona municipality's children's poetry booklets.

Ynet boasts that its coverage of the poem resulted in its being recalled.

The text of the poem (Ynet's translation):

Ahmed's bunker has surprises galore: Grenades, rifles are hung on the wall. Ahmed is planning another bombing!What a bunker Ahmed has, who causes daily harm.Ahmed knows how to make a bomb. Ahmed is Ahmed, that's who he is, so don't forget to be careful of him.We get blasted while they have a blast!Ahmed and his friends could be wealthy and sunny, if only they wouldn't buy rockets with all their money.

Poetry competition director Marika Berkowitz, who published the booklet, was surprised at the protests and told Ynet: "This is the boy's creation and this is what he wanted to express. Of course there should be a limit, but I think the there is no racism here. 'Ahmed' is a general term for the enemy. These are the murmurings of an innocent child."

The Education Ministry told Ynet: "The local authority that published the booklet should have guided the students in a more correct manner through the schools. The district will investigate the issue with the local authorities."

The Bare Basic Facts of the History of Palestine

The Bare Basic Facts of the History of Palestine.
Louis Rene Beres - Feb 21, 2009
The Jewish Press
President Barack Obama has already placed the Middle East at the very top of his foreign policy agenda. There is nothing inherently wrong with this - quite the contrary. The problem, however, is that the new administration's ambitious negotiations remain structured upon altogether erroneous assumptions. In this connection, the gravest continuing misrepresentation of all is that there are Arab lands under an Israeli occupation.

Today, as always, words matter. Over the years, a notably durable Arab patience in building Palestine upon whole mountains of Jewish corpses has drawn directly upon a prior linguistic victory. Yet, the still generally unchallenged language referring provocatively to an Israeli occupation always overlooks the pertinent and logically incontestable history of the West Bank (Judea/Samaria) and Gaza.

Perhaps the most evident omission still concerns the precise and unwitting manner in which these Territories fell into Israel's hands in the first place. Here it is simply and widely disregarded that occupation followed the multi-state Arab state aggression of 1967. Egypt Syria or Jordan, of course, never disguised this aggression.

A sovereign state of Palestine did not exist before 1967
or 1948. Nor, did UN Security Council Resolution 242 ever promise a state of Palestine. Contrary to popular understanding, a state of Palestine has never existed. Never. Even as a non-state legal entity Palestine ceased to exist m 1948 when Great Britain relinquished its League of Nations mandate. During the 1948-49 Israeli War of Independence (a war of survival fought because the entire Arab world had rejected the authoritative United Nations resolution creating a Jewish State), the West Bank and Gaza came under flagrantly illegal control of Jordan and Egypt, respectively. These Arab conquests did not put an end to an already-existing state or to an ongoing trust territory. What these aggressions did accomplish was the effective prevention, sui generis, (Being the only example of its kind; unique) of a state of Palestine.

Let us return to an earlier history. From the Biblical Period (ca 1350 BCE to 586 BCE) to the British Mandate (1918 - 1948), the land, named by the Romans after the ancient Philistines was controlled only by non-Palestinian elements. Significantly, however, a continuous chain of Jewish possession of the land was legally recognized after World War I at the San Remo Peace Conference of April 1920. There, a binding treaty was signed in which Great Britain was given mandatory authority over Palestine (the area had been ruled by the Ottoman Turks since 1516) to prepare it to become the national home for the Jewish People. Palestine, according to the Treaty comprised territories encompassing what are now the Jordan and Israel, including the West Bank and Gaza.

Present day Israel comprises only 22 percent of Palestine as defined and ratified at the San Remo Peace Conference. In 1922, Great Britain unilaterally and without any lawful authority split off 78 percent of the lands promised to the Jews - all of Palestine east of the Jordan - and gave it to Abdullah, the non-Palestinian son of the Sharif of Mecca. Eastern-Palestine now took the name Transjordan, which it retained until April 1949, when it was renamed as Jordan. From the moment of its creation, Transjordan was closed to all Jewish migration and settlement - a clear betrayal of the British promise in the Balfour Declaration of 1917, and a patent contravention of its Mandatory obligations under international law.

On July 20, 1951, a Palestinian Arab assassinated King Abdullah for the latter's hostility to Palestinian aspirations and concerns. Regarding these aspirations, Jordan's moderate King Hussein - 19 years later, during September 1970 - brutally murdered thousands of defenseless Palestinians under his jurisdiction. In 1947, several years prior to Abdullah's killing, the newly-formed United Nations, rather than designate the entire land west of the Jordan River as the long-promised Jewish national homeland, enacted a second partition. Curiously, because this second fission again gave complete advantage to Arab interests, Jewish leaders accepted the painful judgment.

As readers of The Jewish Press already know all too well, the Arab states did not. On May 15, 1948, exactly 24 hours after the State of Israel came into existence, Azzam Pasha, Secretary General of the Arab League, declared to a tiny new country founded upon the ashes of the Holocaust: This will be a war of extermination and a momentous massacre. This unambiguous declaration of genocide has been at the core of all subsequent Arab orientations toward Imoderate' Fatah. Even, by the strict legal standards of the Convention on the Prevention and Punishment of the Crime of Genocide, Arab actions and attitudes toward the microscopic Jewish state in their midst, has remained patently devoted to the annhilation of Israel. For some reason, this persistence has repeatedly been made to appear benign. However, President Obama and Senator Mitchell now have a clear obligation to look behind these propagandistic appearances.

In 1967, almost 20 years alter Israel's entry into the community of states, the Jewish state, as a result of its unexpected military victory over Arab aggressor states, gained unintended control over West Bank and Gaza. Although the inadmissibility of the acquisition of territory by war is properly codified in the UN Charter, there existed no authoritative sovereign to whom the Territories could be returned. Israel could hardly have been expected to transfer them back to Jordan and Egypt, which had exercised unauthorized and terribly cruel control since the Arab-initiated war of extermination in 1948-49. Moreover, the idea of Palestinian self-determination had only just begun to emerge after the Six-Day War, and, significantly, had not even been included in UN Security Council Resolution 242 which was adopted on November 22, 1967.

For their part, the Arab states convened a summit in Khartoum in August 1967, concluding "no peace with Israel, no recognition of Israel, no negotiations with it." The Palestine Liberation Organization (PLO) was formed three years earlier, in 1964, before there were any Israeli Occupied Territories. Exactly what was it, therefore that the PLO sought to liberate between 1964 and 1967? This critical question should now be considered by Barack Obama's special envoy to the region, Senator George Mitchell.

This has been a very brief account of essential historic reasons why the so-called Palestinian Territories are not occupied by Israel. Several other equally valid reasons stem from Israel's intrinsic legal right to security and self-defense. As I have said so often in this column, international law is not a suicide pact. Because a Palestinian state would severely threaten the very existence of Israel- a fact that remains altogether unhidden even in the Arab media and governments - the Jewish State is under no binding obligation to-end a falsely alleged occupation. No state, not even a Jewish one, can ever be required to accept complicity in its own dismemberment.

No doubt, both President Obama and Senator Mitchell want to be fair and evenhanded in their developing plans for the Middle East. To meet this obligation, however, it is essential that they first build all pertinent negotiations upon a firm foundation of historical accuracy and ethical truth. This means, at a minimum, the aspiring US peacemakers must familiarize themselves with correct history, and not simply allow themselves to be swallowed up with their many predecessors in ritualistic dogma and empty platitudes.

LOUIS RENE BERES was educated at Princeton (Ph D, 1971) and is a long-time expert in international relations and international law.

The Bare Basic Facts of the History of Palestine

LOOKING FOR ID THEFT INFORMATION?

Subscribe Here

Dear Gentiles

Hebrew Date

Hebrew Date

Rabbi Posner

Chabad News

Kashrus

Torah Lab

Orthodox Union

Torah from YU

Learn or Burn - It's All Here Torah Audio

Chabad.org -- Daily Quote

Cross-Currents

A Torah Minute

Gateways - Ask the Rabbi

Ohr Somayach - Ohrnet

Jewish American History Online

Try Some Jewish Music

Ynet - Jewish Scene

Feed Counts

Worth Your Time

12 December 2008

Data Breaches and Customer Loyalty

0 comments:

Subscribe To

What Words Offend Arabs? The Truth.

Twitter Updates

Twitter Updates

APRPEH -The Latest

Search APRPEH

Subscribe To

Subscribe via Email

Tweets by APRPEH

JPost.com - Front Page

Times of Israel

Jewish News Syndicate

Israel HaYom

World Israel News

Arutz Sheva News Briefs

The Meir Amit Intelligence and Terrorism Information Center

Daily News Alert from Israel - COP/JCPA

ארץ ישראל

Israel News From Google

Yeshiva World News

The Rebbe on The Land of Israel

Fmr Arab MK Azmi Bishara: There is no Palestine

The Elon PLan

ZOA

Masada2000

CAMERA

The Dry Bones Blog - Cartooning to Israel

APRPEH on FR

Blog Archive

CIA

The Bare Basic Facts of the History of Palestine

Subscribe To APRPEH

Laptop Security Blog

Schneier on Security

Phishing Scams - Millersmiles

Legal: Identity Theft Articles from EzineArticles.com

IT Industry Today: Identity Theft News

Followers