The security and confidentiality of consumer data has become a pervasive societal issue. Well- documented breaches have heightened the public’s – and regulatory agencies’ concerns about how well companies are securing consumer-specific information captured at the point-of-sale.

RSAG’s Retail Data Security Benchmark Study, written in 2005, revealed that while many retailers collect and keep data about specific consumer purchases, there was room for improvement in securing that data. One year later, although many companies had taken steps to protect their computing environments via state-of-the-art network architectures, secure VPNs, firewalls, “DMZ’s,” malware filters and patch management, it was still unclear whether retailers were taking extra measures to ensure that consumer-specific information digitally stored within operational databases is kept confidential and secure.

The objective of the Customer Data Security Benchmark Study 2006-2007 was to get an update on how consumer-specific information is acquired, used, and secured by companies in the extended retail industry.