LP 101: Data Protection and Privacy

information security policy, fraud with credit cards

Building a successful career in loss prevention has always been predicated on the commitment to professional growth and development. Working in a business as dynamic as retail, it is essential that we remain flexible in our methods and progressive in our approach to data protection. As the business moves forward change comes quickly, and our skills and abilities must evolve to meet the needs and expectations of a new professional standard.

Data Protection and Privacy

Information is a critical asset within today’s retail enterprises, and is a vital component for all of our strategic objectives. Technology has opened many doors, and has put a tremendous wealth of information virtually at our fingertips. And as companies have become more widely distributed, they have simultaneously become more connected as a result of the technological explosion that only seems to gain momentum with each passing day. Change, growth and competition have beckoned for systems that make us more efficient and less myopic in our approach to the business of retail, and technology has helped us to respond in a big way.

In this type of data-intensive environment, the ability to access information quickly and efficiently has become an essential ingredient of our business functions. Our reliance on information and information processes has made our companies stronger, faster, and more cost effective. But while this has led to many important business revelations, that same dependence also poses certain risks. An interruption or collapse in our information systems could ultimately threaten the survival of the organization. As a consequence, the confidentiality, integrity and availability of our information systems must be protected at all times.

- Sponsor -

Data security has become a critical issue, and is considered a core aspect of many retail industry, we are facing a landscape that has changed dramatically in recent years, and continues to evolve on a daily basis. Critical data no longer rests safely in fortified data centers. Instead, that information is scattered throughout the organization, across remote office networks, and often on employee laptops and hand-held devices. From the district or regional manager who boots up a laptop to access the latest sales figures, to the POS systems that may include thousands of machines across the company, to the array of other computers, smartphones and other tools used throughout the organization, data is everywhere, and must be protected.

While companies are spending millions to secure critical information, incidents of network intrusions that result in compromised data are on the rise; the business threats associated with inadequate security policies and practices are more significant than ever. These potential threats—whether as the result of accidental and situational exposures or deliberate attacks—can result in the interruption of business services and have a substantial impact on company profitability. This may also result in data breaches that can expose confidential information, leading to devastating outcomes for our customers, our employees, and our business. Building awareness and managing potential risks therefore becomes essential to the resilience of the organization.

Data protection technologies such as firewalls, intrusion detection systems, antivirus software, virtual private networks (VPNs) and other protection tools are critical to the effective fortification of company systems. However, these technologies are merely components of a more inclusive and complex infrastructure necessary to support the reliability and integrity of business processes. We must have adequate training and education programs. It’s vital to have appropriate policies and procedures that protect the way that data is created, collected, stored, processed and distributed. Sufficient checks and balances that help to ensure program consistency and dependability are crucial. But we must also develop strong and supportive relationships with our information technology colleagues to ensure a viable partnership that best serves the needs of the organization. When it comes to information systems, we not only must become proficient at using data to serve the needs of our company and customers, but we must also become superior custodians of that information.

Privacy and protection of information are paramount to the success of any business. Customers expect that their information will be protected from exposure and/or modification, and will be used exclusively for intended business purposes. Stakeholders expect confidential business information to be safeguarded from access and manipulation. Employees expect their personal information to remain private and confidential. Every source of critical data must be secured and defended in order to maintain the trust necessary to operate a successful organization.

To learn more about developing your leadership skills and the certification process, visit www.losspreventionfoundation.org.

Stay Updated

Get critical information for loss prevention professionals, security and retail management delivered right to your inbox.