Data privacy and security: talk less, do more

Every so often an article is shared that provokes a collective, vigorous nodding of heads – and even the occasional repetitive strain injury – here at Red Sift HQ. This recent piece from TechCrunch is one such example, highlighting as it does the fact that, rather remarkably, the line, ‘We take your privacy and security seriously’ appears in more than one-third of recent data breach notifications filed in the state of California.

It’s little more than a basic piece of desk research, but it demonstrates precisely why trust in consumer-facing organizations is in crisis (with an annual trust barometer highlighting that customer trust in businesses is at an unsatisfactory 56 percent in 2019).

Companies are not walking the walk; how can they be when they’re claiming to value user security and privacy at the very moment they’re ‘fessing up to a data breach?

Security isn’t easy

We’re not looking to take the moral high ground and castigate each and every organization that has ever suffered a data breach. Ensuring effective security, 24/7, across every conceivable attack vector – including every partner and stakeholder in an organization’s supply chain – is a massively complex undertaking.

Firms may well make mistakes at various points because hackers are incredibly smart and make it their business to prey upon not just tech weakness, but human vulnerability in all manner of pernicious ways.

Some firms may also be misled by security vendors, who have a tendency to over-promise and under-deliver, leaving them vulnerable to attack despite their good intentions and willingness to invest in their defenses.

However, the TechCrunch piece brings two key points to the foreground:

  1. Companies have got to improve their security basics
  2. Companies must make their security and privacy policies far more transparent and accessible to their customers

The truth is that many organizations leave giant chinks in their armor by failing to address relatively clear-cut vulnerabilities.

A great example of this is email spoofing. It’s perfectly possible to stop hackers from impersonating a company’s email domain by implementing the DMARC email protocol. This protocol was created by some of the most high-profile tech companies in the world, it has been around for half a decade, the UK Government advocates for its use, and yet some companies don’t bother exploring how to implement it.

Going forward

If companies start stamping out such basic vulnerabilities and then take the time to communicate these steps and make customers aware of what they’re doing, then a) there will be fewer data breaches in the first place, and b) customers might start to believe that, indeed, their data privacy and security is now being taken seriously.

Of course, restoring customer trust also requires companies to be clearer about what data they’re storing and for what purposes. It isn’t mentioned in the TechCrunch piece, but when most companies’ privacy policies are written in legalese and are as long as Beowulf, then it’s no wonder customers don’t know what’s going on and feel all the more outraged in the event of a data breach, irrespective of how it occurred.

At Red Sift, we don’t believe there should be a blanket ban on use of the phrase, ‘We take your privacy and security seriously’ because we still have faith that the vast majority of organizations do mean it. But until they start walking the walk, consistently, and having a sincere and open conversation with their customers about privacy and security issues, the trust deficit only looks set to grow.

Red Sift enables security-first organizations to successfully communicate with and ensure the trust of their employees, vendors, and customers.

Red Sift find out more


Clare Holmes

27 Feb. 2019



Recent Posts


Red Sift Recognized on Deloitte’s EMEA Fast 500™ List

Francesca Rünger-Field

We’re thrilled to share that Red Sift has been included in Deloitte’s 2023 EMEA Fast 500 list. This recognition stems from 389% revenue growth over three years, $54 million in Series B funding, acquiring ASM innovator Hardenize, and introducing the Red Sift Pulse Platform. Read the press release here. About the award The Deloitte Technology Fast…

Read more
Brand Protection

The vital role of cybersecurity for Nonprofits: A deep dive 

Sean Costigan

Save the Children, a beacon of hope and change, has been dedicated to improving the lives of children for over a century. Founded in London, it now has a presence in 29 nations, employing 844 staff members in the UK alone and engaging over 3600 formal volunteers. As charities and nonprofits like Save the…

Read more

Red Sift brings DMARC data to the SOC with new Cisco XDR…

Rebecca Warren

Today, we’re thrilled to announce that we’re extending our partnership by joining the Cisco Security Technical Alliance and integrating Red Sift OnDMARC with Cisco XDR. This integration builds on the Domain Protection partnership we announced in November 2023 to bring visibility of business email compromise into the SOC (security operations center). At release, Red…

Read more

Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more