Retailers Face Data Security Questions as Digital Operations Grow

NEW YORK — As foodservice technology becomes a greater part of the convenience channel's operations, it is becoming increasingly important for retailers to figure out how to execute secure and dependable customer interactions. 

"Everyone here has received some letter or some email that somewhere, somehow, someone got your data. If it hasn't happened to you, it's going to happen to you," Zerrick Pearson, chief information officer at Five Guys Enterprises, said during the recent NRF 2022: Retail's Big Show hosted by the National Retail Federation (NRF). 

The biggest targets currently are banking and hospitality, including restaurants, according to Pearson, who noted that as digital engagement increases across the United States, data-security breaches could become a self-fulfilling prophecy.

"Eighty percent of restaurants are turning to technology to reach customers — customized emails, text messages, social media," he explained during the "Where Data Analytics & Data Security Intersect With Foodservice" session at the event. "Somewhere someone is collecting everything. Every click, every purchase, how long you read this article vs. that article. That is all being used to drive what you see."  

All retailers want data as they try to reach customers and make the best decisions to serve them, but retailers have an obligation to be "good stewards" of that data, said Pearson.

Right now, he believes security is almost always an afterthought, and that is a problem.

A veteran of IT and foodservice, Pearson acknowledged the desire among retailers to have as much information as possible. But what data is operational and what data is related to privacy? As he pointed out, a number of states are starting to have this conversation and empowering consumers to control what retailers are doing with their data.

Currently, no federal government standards exist to address data security.

"If it did, it would be great because we would all comply with it," Pearson said. "Instead, every state has a different idea about what you should be able to do with your data when it comes to a business or a partner housing it."

There are 23 states with active legislation aimed at protecting consumer data, he cited.

"What data do you want? Everything? That can't be the answer anymore, especially when it comes to customer data," he said. "If you are not a big enough shop to have someone who can be focused on security, find the right partner who can. You don't want to wild card this."

Pearson outlined the following steps that retailers can take: 

• Encrypt the data;
• Establish baseline controls and who has access to what information;
• Classify the data; and
• Do not keep all data together.

This year's NRF event took place at the Jacob K. Javits Convention Center in New York from Jan. 16-18. The show put a focus on the tie-in between foodservice and technology.