This opinion was provided by Simon Casey, Director at Seekom, a Hospitality New Zealand partner.
Privacy is an issue that no Software as a Service (SaaS) business can ever take for granted. Originally, computer applications were installed on desktop PCs or servers and the data created was held only on the local hardware. As a result, scant regard was given to privacy, because the data stayed on the local hardware and was not easy to access, although it has happened, mostly through removable storage such as floppy disks (remember them?) and, more lately, USB memory sticks.
Then, as applications moved from the local hardware to the cloud, so too did the data storage. This had some immediate benefits, one of the major ones being that you no longer needed to back up your data and it could be accessed from any device capable of accessing the internet.
That amazing benefit soon showed the risks involved if security was not improved. For early implementations, hackers would attempt to get access to stored credit card data. This resulted in the credit card companies developing PCI accreditation to help ensure credit card data was stored securely. All service providers storing or transacting credit card data had to have PCI compliance or their customers would be refused ecommerce capability.
But the stringent security rules placed on credit card data were often not extended to users' private information, such as names and contact details. Email addresses especially would be hacked to provide spammers with huge volumes of private email addresses. It also allowed identity theft.
Europe was the first to bring out the General Data Protection Regulation, or GDPR. This included fines for any service provider who did not effectively manage the privacy of personal information. It even gave users the ability to be "forgotten", i.e. to have data about them removed at their request.
As a service provider handling personal contact details, we at Seekom are continually improving our systems and security to ensure that personal contact details are available only for the purpose for which the user intended. This means encryption and tighter access to personal information.
If a service provider has a breach of privacy, not only will there be fines associated with the breach, but the more serious effect will be the loss of credibility. No one wants their business to be in the news for the wrong reasons. Make sure your systems are airtight and never let complacency get in the way. Get your system checked by an independent security tester. You may be surprised how many holes your system might have, and that it is only good luck rather than good management that has saved you.