200 million-record breach: Why collecting too much data raises risk

[InfoSec News <alerts () infosecnews org>]

https://www.csoonline.com/article/3394048/200-million-record-breach-why-collecting-too-much-data-raises-risk.html

By J.M. Porup
Senior Writer
CSO
May 14, 2019

If you don't collect it, no one can steal it.

Sometimes the best way to secure customer data is not to collect it in the 
first place. While it can be tempting to "collect it all" just in case, most 
enterprises need far less data on their users to market to them effectively. 
Reducing the amount of data collected means that in the inevitable event of a 
breach, the repercussions will be far less severe.

"One of the things we're hearing from consumer brands is that they're doing 
less," Gerry Murray, director of marketing and sales technology research at 
IDC, says. "They're becoming more thoughtful about 'what do we want to know 
about you?'"

"For most commercial purposes you don't need to know that many things about a 
person, and sometimes you're better off not knowing," he adds.

The apparent breach of a 200 million-record direct marketing list that appears 
to originate from a 2015 opt-in list puts the issue into focus.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_