When it Comes to Data, Less is Better | eWeek

When it Comes to Data, Less is Better

Écrit par
Larry Dignan
Larry Dignan
May 3, 2005
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Polo Ralph Lauren loses the personal information of 180,000 HSBC North America customers. DSW Shoe Warehouse discovers credit card and check data on 1.4 million transactions has been stolen. Bank of America loses backup tapes with the personal information of 1.2 million federal employees.

Why are these security breaches happening?

The answers generally offered by the leaky keepers of data on customers all sound familiar—software glitches, lax security procedures and criminal activity.

Another reason, never offered: Companies are data pack rats, collecting customer information for years without knowing what data is lying around or whether it even holds business value, say security experts such as Alan Brill, senior managing director at Kroll Ontrack.

The fix: Go on a data diet. Reduce the amount of data you keep around, a process called “data minimization.”

Such minimization wont end the theft of customer information, but it will limit what data there is to steal (or lose).

Companies often learn the hard way. Polo Ralph Lauren spokeswoman Alex Cohan says the company “had more data on hand than we needed in the point-of-sale system.” The company wouldnt comment on what data was stored, but credit card magnetic strips contain items such as account numbers, three-digit verification codes and expiration dates.

Now that Polo Ralph Laurens system, provided by Micros Systems Datavantage unit, has been patched, Cohan says only information needed to complete the sale—namely, credit card number and authorization—is collected.

“No one asks whether a company really needs to keep all this information lying around,” Brill says. “Is there a reasonable business reason to keep it?”

According to Brill, companies need to go on a “data minimization” quest to cut risks. Go through all your processes and purge data that doesnt serve a business purpose. In a data-minimized world, a retailer, for instance, wouldnt keep credit card numbers on transactions beyond its return policy. Social Security numbers wouldnt be collected at all. Addresses for former customers could be purged after, say, three years. Temporary workers and offshore contractors would only see the data necessary to do a task.

/zimages/1/28571.gifRead the full story on Baselinemag.com: When it Comes to Data, Less is Better

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.