Sunday, July 29, 2012

"Who Stole The Data from The Database?"


Accuser: Who stole the cookie from the cookie jar?
(name of a child in the circle) stole the cookie from the cookie jar.
Accused: Who, me?
Accuser/Group: Yes, you!
Accused: Not me!/Couldn't be!/Wasn't me!
Accuser/Group: Then who?

When data goes missing or is stolen, it can become a game of cat and mouse for a while until the police and data detectives zero in on the cause, which can vary from failed antivirus software and firewalls to the age-old case of mischievous humans.

Tackling dishonest behavior is the most difficult part of data security. After all, companies can easily control unauthorized data access through passwords, magnetic stripe cards, or new-age biometric systems and "electric-eye" devices. Viruses and malicious code can be curbed by implementing antivirus software and firewalls. Data can be encrypted, and the company premises can be carefully laid out with a safe space designated for the computers. A company can train its employees in information security policies.

However, what about dishonest employees?

Consider the following snippet, in which fraudsters were found withdrawing money from an ATM.

Later it was found that employees of the company were accomplices to the fraudsters.
As highlighted in the snippet above, most banks have a "Know Your Customer" (KYC) policy.

Know Your Customer

Most banks and financial institutions have put in place a policy framework to know their customers before opening any account.
KYC is a policy that consists of collecting customer details at the account-opening stage. The customer is required to submit proof of identity and proof of address. Some banks may even ask for verification by an existing account holder.

Of course, policies, like knowledge, don't benefit anyone unless action is taken to implement them.

"Know Your Customer" At The Micro Level

Hilton Hotels takes the "Know Your Customer" policy to a luxurious level.

Hilton is a leader in information technology in its industry, and one of its leading-edge database applications is its Guest Profile Manager (GPM). This is a customer relationship management (CRM) system that strives to achieve guest recognition and guest acknowledgement at all customer "touch points." These include email, contact at the hotel front desk, special channels on the in-room television, the Audix voice mail system, and post-stay surveys. For example, in the CRM spirit of developing a personalized relationship with the customer, when a guest checks in at any Hilton property, the front desk clerk receives information on their terminal that allows them to say, "Welcome back to Hilton, Mr. Smith," or "Welcome, Ms. Jones. I understand this is your first visit to this hotel (or to Hilton Hotels)." Both the front desk clerk and the housekeeping staff also get information on customer preferences and past complaints, such as wanting a room with good water pressure and not wanting a noisy room. Targeted customers such as frequent guests might find fruit baskets, bottled water, or bathrobes in their rooms. The system even prepares personalized voice-mail greetings on the guest's in-room telephone. The system uses an Informix DBMS on a Sun Microsystems platform (Gillenson).

IBM Informix is a product family within IBM's Information Management division that is centered on several relational database management system (RDBMS) offerings (Wikipedia).

Thus the implementation of such sophisticated CRMs may help curb security breaches and prevent identity theft, identity fraud, money laundering, terrorist financing and other financially related perils. We cannot curb the criminal behavior of human minds, but we can know our clients' behavior and use it for damage control or for providing them with customized luxurious welcomes.

At "beck and call": Hilton Hotels' Hilton Huanying is a global special welcome programme aimed at Chinese travellers.

References

"ATM Fraudster Took Help of Employees." The Times Of India. N.p., n.d. Web. 30 July 2012. <http://articles.timesofindia.indiatimes.com/2012-06-23/india/32381806_1_atm-cards-kerala-police-federal-bank>.
Gillenson, Mark L. "7." Fundamentals of Database Management Systems. Hoboken, NJ: Wiley, 2005. N.pag. Print.
"Hilton Offers Chinese Guests a Special Welcome." Hotel & Restaurant. N.p., n.d. Web. 30 July 2012. <http://www.hotelandrestaurant.co.za/tourism/hilton-offers-chinese-guests-a-special-welcome/>.
Wikipedia. Wikimedia Foundation, 31 July 2012. Web. 30 July 2012. <http://en.wikipedia.org/wiki/IBM_Informix>.



1 comment:

  1. Aysha, your post speaks a lot about what we are discussing in class this week in regards to data responsibility and stewardship. For employees, this begins with culture. Entering the workplace as an employee expected to manage and interact with data, this person should be presented with the do's and don'ts before even receiving credentials to access. Not to sound cliche, but it is not too strong to describe to this person that "with great power, comes great responsibility". For this person, education on data responsibility should finally be about the greater good not just the individual. By sharing the risk, ethical wisdom shows the person will at least recognize right from wrong.

    Now, as you described on Hilton's approach, there is a systematic way of ensuring data privacy inside the company through the use of CRM systems. The CRM does manage the data like a person, but has some mechanisms to protect the data and the company. The most simple is an audit trail, an automated log of all functions by table, by a person, or by a report. If something wrong is taking place, it will be logged and recorded.

    In the end, is it education, is it fear, is it empathy, I'm not sure there is a clear deterrent from greedily taking advantage of data. On the positive side, those data administration staff are trained to be responsible and show characteristics that improve those around them. Combine them with good guidelines (not strong policy) and you're moving in the right direction.

    Good post!
