In the last few years, we’ve all become more comfortable with online shopping. Whether we’re buying household supplies, groceries or apparel, we provide our personal information to large and small retailers and assume it’s safe. But more and more often, we’ve also been on the receiving end of a notification from our favorite retail store letting us know that our sensitive data may have appeared in a data breach. These jump scares beg the questions: where are retail companies storing customer PII? Who has access to it? And how is it protected?
The direct-to-consumer retail industry is responsible for protecting the Personal Identifiable Information (PII) of its customers. Wise retailers know that earning the trust of their customers has a lot to do with their responsibility of safeguarding the data they are entrusted with.
Depending on the location of the retailer, certain data privacy and protection regulations around customer PII may apply. European retailers are required to comply with GDPR, whereas the United States doesn’t have federal-level data protection regulations. In some cases, this may mean the customer PII can be left exposed and susceptible to breach. In order to maintain customer confidence and loyalty and to stay ahead of the competition, retailers must keep customer PII secure.
One of ALTR’s Enterprise customers, a multinational privately owned fast-fashion retail corporation with a direct-to-consumer presence, recognized the need to correctly store and protect the sensitive data entrusted to them. This corporation is responsible for over 60 million customer email addresses, mailing addresses and names.
Because of their multinational presence, this corporation falls under multiple privacy regulations, pressing the need for ALTR’s data governance solution within Snowflake.
The Challenge – Who is Allowed Access to 60 Million Rows of Customer PII
When this retailer makes a new sale, the buyer is prompted to input a series of personally identifiable information data points - their name, email address, cell phone number, and mailing address to name a few. The concern arose that if every employee within the organization had uncontrolled access to the PII stored within their database, anyone could wrongfully distribute this data to competitors or to unsafe hands.
When the data team at this retail company approached ALTR, their main concern was limiting the access that internal employees had to the data within their database and monitoring how it was being used. The additional challenge was that the company needed to add that protection while also allowing certain unique elements of the data to be accessible and usable for reporting purposes.
The Solution – Implement a Custom Masking Policy to Meet the Unique Needs of the Customer
After discussing the customer’s business goals, ALTR rolled out a two-step plan to accomplish the retailer’s data governance needs, starting with a custom masking policy and following that with access controls.
First, a custom masking policy allows emails, names, and other PII to enter the retailer’s cloud data warehouse, Snowflake, and be obfuscated depending on user access levels to mask and protect sensitive data.
An example of a typical masking policy within ALTR would take the email “email@example.com” and transform it to appear as “*****@gmail.com” or “**********” depending on the mask. This type of masking is beneficial to protect sensitive data but doesn’t allow users to actually use the data for reporting or otherwise since there is nothing to differentiate individual emails from each other.
On the other hand, this retail client built their own custom masking policy to create a unique pattern for each individual email address, allowing the sensitive data to be protected while still being usable. As an example, the email firstname.lastname@example.org might get a pattern like email@example.com every time it’s viewed, and firstname.lastname@example.org would appear as svse;email@example.com every time it’s viewed. Both formats protect the sensitive data while still allowing the emails to be individually identified, so they remain usable for the business.
The final step was building a policy that would limit access to data depending on specific user role parameters set ahead of time. These access policies are controlled by ALTR using Snowflake’s native functionality. This eliminates the need for a data engineer to write SQL code within Snowflake to determine access control—saving the team time, lowering risk of breach, and giving full transparency to user access.
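As an added example (not ALTR’s or the retailer’s actual policy), the following Snowflake masking policy shows the two ideas above in one place: a deterministic per-address token that keeps individual emails distinguishable for reporting, and role-based reveal, pseudonymization or redaction decided by the querying role. The role names, table name and salt placeholder are assumptions.

```sql
-- Added example: a role-aware masking policy for a customer email column.
-- Role names, table name and the salt value are assumptions, not from the page.
CREATE OR REPLACE MASKING POLICY pii_email_mask AS (val STRING) RETURNS STRING ->
  CASE
    -- A narrowly granted steward role sees the real value.
    WHEN CURRENT_ROLE() IN ('PII_STEWARD') THEN val
    -- Analysts get a deterministic token: the same input always yields the
    -- same output, so rows can still be counted, grouped and joined on it,
    -- while the salted hash keeps the local part from being read back.
    -- The domain is kept so per-provider reporting still works.
    WHEN CURRENT_ROLE() IN ('ANALYST') THEN
      LEFT(SHA2(val || '<PSEUDONYM_SALT>', 256), 16) || '@' || SPLIT_PART(val, '@', 2)
    -- Everyone else gets a fixed mask that carries no per-row information.
    ELSE '**********'
  END;

-- Attach the policy so every query against the column passes through it.
ALTER TABLE customers MODIFY COLUMN email SET MASKING POLICY pii_email_mask;
```

Email addresses are low-entropy, so an unsalted hash could be matched against a list of known addresses; the salt above is visible to anyone who can describe the policy, so a secret held outside the policy body is the stronger option in production.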
The Results – Greater Data Usage Visibility, Lower Risk
Once the ALTR data access control policies are fully implemented, this retailer will gain increased visibility into user data access and lower risk of unauthorized access to customer PII. The data team will know that their sensitive data is protected both from internal users and external threats. It will also give the data team more time to focus on other projects because the process of adding or removing individual access becomes easier and less error prone. The retailer will also gain audit logs detailing which users accessed which data, when and how much, helping the company reply to an audit should it arise.
ALTR’s retail customer can be more confident that its sensitive client data is safe, and its trusted relationship with its customers is secure.