On Protecting Customer Data

David Dorf of the Oracle Retail Product Strategy Team, writes an excellent byline in SC Magazine, "Avoid the PCI hype, but use the standard as a rallying point."

Retailers that focus solely on PCI compliance are taking a shortsighted view and making a critical mistake. In an industry where performance is measured on a weekly basis and where there are 12 distinct data points for reporting to Wall Street, as opposed to four in other industries, there is always a danger of getting caught in the moment and failing to adequately plan for the long haul. This is certainly the case for many retailers in addressing enterprise security and is further complicated by the myriad of security and privacy standards, laws and guidelines that are in play today.

David goes on to point out that from a privacy perspective, retailers often view sensitive data only in terms of data related to payment cards. However, the scope of sensitive data "should extend to any information about an identifiable individual."