Complying With Data Security Standards

Meet Always Happy Rent-A-Car, an up-and-coming rental company that's purely fictional. Always Happy RAC has increased its online reservations' volume 33% in the past two years. The company has also introduced a customer loyalty program and used data mining techniques to overhaul its marketing initiatives.

As a result, the president of Always Happy RAC in January forecasted 15% profit growth for the coming year. But there's only one problem: A computer hacker 2,000 miles away has made the RAC's Web site the target of Structured Query Language (SQL) injection attacks. Though Always Happy's homepage assures customers that their transactions are secure, the truth is that the company doesn't store customers' personal data in an encrypted format. The hacker is able to access customers' credit card numbers and home addresses stored in unencrypted clear text.

After the hacker sells the customer data to an identity-theft crime ring, law enforcement officials eventually trace the problems to Always Happy. The company becomes yet another target -- of customer lawsuits and a Federal Trade Commission investigation.

Yes, this cautionary tale is fictional. But it's not that far-fetched. The Federal Trade Commission has filed a number of cases against companies that sell products and services online, charging them with making deceptive claims about how they store customers' personal information.

Car rental companies of all sizes are booking more rentals on their own Web site and requiring the transmission of personal information like home addresses, phone numbers and sometimes credit card numbers. But if your company stores this information on its own servers, you need to establish a security program designed to protect that data's confidentiality and integrity. You also need third-party audits and company-wide training about the importance of protecting customers' personal information.

"Consumers have the right to expect companies to keep their promises about the security of the confidential consumer information they collect," said Lydia Parnes, acting director of the FTC's Bureau of Consumer Protection, in a statement released to the press last November.

What spurred Parnes' statement? It was part of the FTC's announcement that it had settled a case against Petco Animal Supplies, in which the agency accused of security flaws.

CONTINUED:  Complying With Data Security Standards
« Previous  |  1  2  |  Next »

Comment On This Story

Comment: (Max. 10000 characters)  
Please leave blank:
* Please note that every comment is moderated.


Newsletter: Sign up to receive latest news, articles, and much more.

Read the latest

Auto Focus Blog: A blog covering fleets, auto rental and the business of cars

6 Takeaways from the 2018 International Car Rental Show

Technological solutions are finally moving from reality to theory, peer-to-peer platforms are being redefined, China has the biggest room for growth, while Sixt’s U.S. aspirations have only just begun.

The Irony of Customer Service in the Digital Age

Sure, any company would jump at the chance to use technology to reduce labor costs. But it also comes with some big, red, flashing warning lights.

Market Forces Driving Car Rental in 2018

An analysis of the conference calls of Avis Budget Group and Hertz Global Holdings reveal trends and initiatives involving fleet right sizing, pricing, ancillary revenue opportunities, and renting to ride-hailing drivers.

Job Finder: Access Top Talent. Fill Key Positions.