At least 130 data breaches exposed the personal information of more than 55 million Americans last year. The flurry of reported data breaches, driven in part by new security breach notification laws, is changing consumer perceptions and forcing companies to rethink how they communicate with and engage consumers on issues of privacy and security, according to a new report from Intersections Inc. (NASDAQ:INTX).
The report, 2005: The Year of the Breach?, shows that more than three out of four consumers who are aware of data breaches are concerned about the potential loss of or unauthorized access to their information while in the hands of an institution. More than half have already taken some type of action as a result of this concern, such as checking credit reports, curtailing online shopping or avoiding transactions that require them to share personal data.
According to the report, "Just as telemarketers braced for a sea change in their business practices with the implementation of the National Do Not Call Registry, the many companies that collect, maintain and sell consumers' personal data may be faced with similar challenges in the coming months and years."
Among six categories of institutions frequently targeted by security breaches, only two - banks/financial institutions and health care providers - held overall positive perceptions among a majority of consumers with regard to protecting their personal information. In fact, these two groups seem to be the most prepared to deal with data security issues. Online retailers, small businesses and mobile phone companies all scored much lower on the confidence scale.
The challenges to these companies, however, could translate into new business opportunities for savvy executives who are tuned into the wants and needs of security-conscious consumers.
"The primary challenges faced by companies after security breaches - including customer attrition, negative publicity and loss of major clients - are also creating opportunities for these companies to solidify their customer relationships, provided they are willing to listen to their customers," said Michael Stanfield, Intersections' Chairman and CEO.
How a breach notification is handled has the potential to make or break a customer relationship. In fact, the report cites honest, complete and quick communication as the number one way to keep a customer after a breach incident. Research cited in the report found that nine out of ten consumers said this was important to them.
After the initial notification, consumers also expressed clear preferences on what actions institutions should take to help protect them from further financial harm. The good news for those same institutions is that many of the post-breach services consumers want are those that encourage consumers to participate in their own security.
"Consumers want as much information as possible after a breach incident and it appears they are willing to do some of the legwork to ensure the continued security of their assets," remarked Stanfield.
According to the report, 85 percent of consumers said they want access to victim assistance services, including help resolving any fraud. More than three quarters said institutions should provide credit reports at no cost as well as a hotline to answer their questions. A majority would like access to complimentary credit report monitoring and identity theft insurance as well.
Disappointingly, 29 percent of consumers reported that no action beyond the initial notification was taken by the breached company to help them determine what actions they should take to protect themselves from additional harm.
Drawing on consumer research and Intersections' decade of experience assisting victims of identity theft, the report outlines a simple and effective five-step best practices list for handling data breach incidents (see below) that institutions can implement to help them manage the associated risks to consumers, employees and members.
To view the full report and supporting references, visit www.intersections.com.
Best Practices in Information Breach Remediation
prepared by
Intersections Inc.
Plan
-- Provide a safe environment within which your customers can transact as well as a secure messaging platform for communicating with customers, employees or members.
-- Encourage the use of online banking and alerts to help customers identify and confirm changes to their personal accounts (name, address, phone number, e-mail address, credit lines, etc.).
-- Prepare an information breach remediation plan to activate immediately if such an incident should occur. Be aware of any state or federal legislation with which compliance is necessary.
Educate
-- Educate consumers about their role in protecting their personal data.
-- Provide training and education to employees to help them to identify and encourage them to report suspicious activity from internal or external threats.
-- Require vendors to comply with privacy guidelines in order to protect data across all levels of service. Audit these groups regularly to ensure compliance.
Investigate & Activate
-- Work quickly with all available resources to investigate and understand the precise nature and extent of the breach event.
-- Activate the prepared breach remediation plan to minimize the impact on the assets at risk.
-- As appropriate, engage law enforcement to help identify affected individuals and to pursue leads that are outside the purview of the institution.
-- Take immediate action to address the specific incident. (For example, close certain consumer accounts.)
Communicate
-- Notify affected individuals and clients as quickly as possible and communicate as much information as possible about the incident, ensuring that the information communicated is accurate and appropriate.
-- Notify affected individuals and clients promptly by mail and, when possible, by phone. Avoid form letters and e-mail, unless expressly requested.
-- Integrate communications messages across all channels. Present a consistent, thorough message.
-- Keep affected individuals and clients informed of steps you take to prevent repeat incidents and improve security.
Assist
-- Establish a telephone hotline or other dedicated resource (such as a Web site) handled by agents trained in identity theft resolution practices to address and answer consumers' concerns.
-- Provide a complimentary tri-bureau credit monitoring service or an identity protection service that monitors a combination of credit and public information to help affected individuals identify possible identity theft before it turns into fraud.
About Intersections Inc.
Intersections Inc. is the leading provider of branded and fully-customized consumer credit management and identity theft prevention, detection and resolution services to the customers of many of North America's largest financial services companies. By integrating our technology solutions, marketing capabilities, and end-to-end production and fulfillment infrastructure, we assist these companies in meeting the needs of their customers in a secure, efficient and ethical environment. We currently safeguard more than 5 million customers in the U.S. and Canada - including approximately 3.7 million subscribers to our service offerings as well as other consumers who receive special services such as data breach mitigation and identity theft resolution. We receive those customers primarily through our partners, as well as direct-to-consumer through our IDENTITY GUARD(R) and SBGUARDIAN(SM) brands. Additionally, we offer pre-employment background screening through our wholly-owned subsidiary, American Background Information Services Inc. Learn more about Intersections Inc. at www.intersections.com.