Today, companies face cyber attacks every day. And when attackers break in, they gain access to a lot of personal information about the affected company’s customers. Major investments in cybersecurity are therefore a must for every company. But in the event of a data breach, there is one final straw that isn’t given enough thought today: Is all of this personal data really necessary?

We are increasingly hearing stories of cyberattacks stealing personal information from millions of customers. For example, VF Corporation, the parent brand of The North Face, was hit by a data breach a few months ago. No fewer than 35 million customers’ data was compromised: email addresses, names, phone numbers and shipping addresses. Fortunately, the cybercriminals were not affected by the bank and credit card details.

Cyber ​​attackers make a lot of money from stolen personal data, for example by selling the data to other cyber criminals via the Dark Web. They in turn misuse the data. Data is big business, even in the cyber underworld. Cybercriminals use this data to send credible phishing emails. Or the data allows them to access other accounts. If you’re completely unlucky, criminals will even take over your identity and order items in your name and with your money.

Is this personal data necessary?

As I said: data is big business. Companies collect a lot of personal data “to improve their services”. This seems harmless, but it can have serious consequences. If a company doesn’t take security rules very seriously and hasn’t updated on time, a cybercriminal will soon be involved. And then it is not difficult to obtain this data. It is therefore still crucial for companies to properly secure everything to reduce the risk of a data breach. But you should also ask yourself whether it is necessary to collect all this personal data from your customers.

Companies collect a lot of personal data “to improve their services”. This seems harmless, but it can have serious consequences.

Cindy Wubben, Chief Information Security Officer at Visma Benelux

Of course, the name, address and place of residence of a customer are important. However, customers are often also asked to provide additional information, such as telephone number, gender, profession, date of birth or nationality. From a marketing perspective, companies naturally see many advantages in this. If you know your customers’ birth dates, you can send them a personalized message to congratulate them every year. But is this data necessary to provide a good service? Do companies not need enough basic information?

Be careful about the information you ask for/give out

To better protect their customers, companies should stop requesting personal data that they don’t necessarily need. Because what happens if this information falls into criminal hands? This is not only annoying for the customer, but also causes serious reputational damage to the company. Of course, consumers also need to be more discerning and think twice before sharing their data. For example, when paying or creating an account, you can often only fill out mandatory fields. Is a company asking for too much information? Then this organization may not be taking enough care to protect your data.

As a business, you must decide whether you want to collect data to improve your sales and marketing or whether you want to limit data to protect your customers. However, if we want to create a healthy digital environment, we must be aware of our privacy rights and make informed decisions about the personal data we share.

This is a post from Cindy Wubben, Chief Information Security Officer at Visma Benelux. Click here for more information about the SaaS solutions the company offers.