You don’t leave your front door or your car unlocked, do you? Of course not, because you want to protect your valuable assets. For marketers, customer data are among their most valuable assets. Yet many marketers simply don’t concern themselves with security when it comes to protecting those assets.
It can’t be that they don’t realize how valuable an asset such information is. After all, marketers often go to great trouble and expense to capture or otherwise acquire the data.
And it can’t be that they somehow don’t understand how great the risk is. For the past year we’ve seen a steady flow of headlines blasting the country’s leading companies and even government agencies, such as the U.S. Department of Veterans Affairs, for losing personally identifiable data. Beyond the public embarrassment, the liability those organizations face should make you shudder.
Allow me to give you three reasons you need to make the effort to protect your customers’ personally identifiable data: They’re valuable, customers demand that you do it, and the third reason… we’ll get to later.
The value of customer data is beyond doubt. Relevant, effective e-mail and multichannel campaigns rely on robust customer data. The more you know about your customer behavior and buying, the more you can optimize your offer, pricing, promotion, timing, and more. This personal customer information is valuable to you, and it will be valuable to others.
It is not your competitors who pose the greatest risk to your data. It is people who want the data for purposes of identity theft, dubbed one of the fastest-growing crimes in the country by the Identity Theft Resource Center. Of course a Social Security number is of tremendous value, but identity thieves can use even a few choice tidbits of personal data a marketer might hold—address, phone, name of bank, even the customer’s middle initial—to secure lines of credit, make purchases, and access cash. The thieves walk away with the goods, while your customers are left cleaning up the damage.
When it becomes known that your company was the likely source of the data breach, the customers will hold you responsible. At that point whatever customer goodwill you carefully cultivated is shot. Also, companies that lose such data are being pressured, at a minimum, to absorb the cost of regular monitoring of bank and credit reporting for those customers whose data were compromised. Depending on the number of customers involved, this can be quite pricey.
In addition, your brand will suffer. The CMO Council reports that nearly two-thirds of marketers believe security and IT data integrity significantly affect corporate and product brands. The council also found in its survey of more than 2,000 consumers that “over half would either strongly consider or definitely take their business elsewhere if their personal information were compromised.” Ouch–that can hurt.
A security violation that compromises customer data will even hurt a company’s stock price. The CMO Council cites Emory University researchers who found that a company’s stock price falls, on average, 0.63% -2.10% in value following the report of a security breach.
The second reason to be concerned with data security is public insistence. Your customers and prospects are demanding that you protect their personal data, and they will hold you accountable. The CMO Council found that 90% of the executives it surveyed reported data security being a great concern to their customers.
The public has made it clear to the government, the regulators, and their legislators that data protection and data privacy are critical. The recent data losses have triggered regulatory and legislative investigations, and almost two dozen states have enacted legislation modeled after a California law (California Database Security Breach Notification Act, also known as SB 1386) requiring companies to notify customers whenever personally identifiable data have been compromised.
For the marketer, data security must now become a top priority. Customer lists, purchase history, contact center interaction logs, Web behavior, and more may all be considered in various circumstances as containing customer-specific, personally identifiable data that must be protected. As a result, you must do the following: adopt a set of industry accepted and certified security best practices, such as ISO 27001; implement those practices across the organization; and let a certified third-party auditor test your adherence to these practices. And for those who outsource data-driven marketing campaigns, as the majority do, you need to make certain your vendor is just as capable and trustworthy in protecting the information as you are.
Oh, the third reason you should be concerned with security? A breach could happen to you. As a U.S. veteran, my personal data were compromised along with those of 25 million others when the Veterans Administration lost a laptop. Nobody has stolen my identity (yet) as a result, but I vowed then that I wouldn’t let it happen to customer data handled by my company.
John Rizzi is president/CEO of e-Dialog, an e-mail services provider based in Lexington, MA.