When people think about data breaches big retailers like Target, where personal data of 70 million customers was affected, come to mind or more recently health insurer Anthem, where a data breach affected 80 million people and could cost the company $100 million. But I’d like to suggest that when you think about your rewards and recognition program, you also think about the security of the data it contains.
When organizations are looking for a great rewards and recognition program, their focus is on employee engagement. This is understandable, given the positive impact an engaged workforce has on business goals. However, most rewards and recognition programs require some level of personally identifiable information (PII) to meet program requirements, such as mailing addresses for shipping gifts or issuing 1099s, and protecting that data should be a top priority.
In the incentive industry we take data security very seriously. We know that there are numerous places where a gap in security can happen: old systems that don’t send an alert of multiple failed attempts, failure to lock accounts after a designated number of access attempts, failure to safeguard data from unauthorized individuals, allowing simple passwords that are easy to break, or even lack of a computer security incident response plan.
If you’re in the process of vendor selection for your rewards and recognition program, or even if you already have a program in place, look at data security from every angle.
Here are steps you can take right now to make sure the data in your program is as secure as possible:
As more data is migrated to the cloud, where it will be accessible by multiple devices, businesses will need to put in place additional safeguards to protect customer data. By performing regular, comprehensive Security Due Diligence of your rewards and recognition program vendor, you will quickly know if those safeguards are in place.
Marketing Innovators International, Inc. is PCI and US-EU Safe Harbor Compliant