Do You Know Your Data? 5 Data Governance Questions Every Marketer Should Ask, and Their Answers

This is the first in a three-part series of tips and takeaways from DMA’s Institute for Data Governance and Certification. The new, three-day certification course will be held first on July 18-20, 2012, at DMA’s NYC seminar center. Check back next week for Part 2 on privacy policies.
Consider this: As marketers, we are living in a time of drastic change. We are migrating from a push marketing world to a pull marketing world. As that happens, new forces and factors will create new, innovative opportunities for marketers and new, more restrictive points of view from regulators.

What to do? For starters, you must employ best practices in all that you do in using, sourcing, storing and managing data.

Answer these five questions and think about what you do that’s not so good, what you allow that’s pretty risky, and how much you know about your data use:

  1. Have you ever sent customer data via email?
  2. Have you ever received client data via email?
  3. Do you know the differences between how digital markers define personally identifiable information (PII), and how offline marketers define PII?
  4. Does your company have an information security policy? Does it address marketing data flow?
  5. Have you ever read the policy?

Your answers to these questions will define how you should change, improve or enhance your practices:

1. You should NEVER send any customer information via email.

2. You should NEVER allow clients to send any of their data or information via email—not a sample, not for a test, not for a free analysis. Plain email attachments are not secure. Zipping doesn’t cut it. You should and can transmit data via secure portals, secure FTP, and when dealing with any sensitive data, you should require encryption.

3. Digital marketers define everything as PII, even names and postal address. They live in a world of complete disclosure, transparency and opt-out. Offline marketers also live in a world of complete disclosure, transparency and opt-out. However, they define PII as information that can do you harm, either by theft or by violating personal privacy. Some examples include: social security numbers, health-related information specific to the individual, and bank and financial information.