Interesting keynote speech by former US Central Intelligence Agency chief technology officer Bob Flores at Melbourne's recent Connect Expo. I would argue that security in general, not just in the cyber sphere, should be a KPI.
Since I started working with Stav on this security product, I've encountered some horrendous data handling practices from both small and big businesses including:
-The bottle shop that placed customer's ID, contact details and credit card details on their bulk wine orders, and left these boxes in the side entrance of the store.
-The charity dinner that asked for donation pledges (complete with name and credit card details) on a single piece of paper.
-The major Australian bank who wanted me to verify my ID through a series of personal questions, with other customers located within earshot of our conversation.
Our database is designed to simplify your data handling practices by removing the data from the handling. Once your personal or instance profile (business, IoT, device, etc) is established, our system works for you, first by providing our foundation security feature. No Edit. We can further strengthen this with our full "Paranoia" suite, removing access and admin from the system also. This means, once in, your data is seen by no one, touched by no one. Your personal information is focused into just one number, or an email, or a name, etc. Any time you wish to leave your information or payment details you need only quote your account reference. Strictly speaking, you needn't even tokenise it. Your information privacy is set the moment you register. You can elect to share your information with some and not with others, or you can have all transactions and communication conducted by our system and remain completely unknown, though not anonymous. You are your indellible ID.
** Until the transaction receives your appropriate level of authority, be it SMS code, device authority or biometric mechanisms, no transaction is conducted. **