
How To Prevent a Customer Data Breach Disaster ... and What To Do When You Fail

March 2, 2011 By Heather Fletcher

Marketers who collect data will lose it.

An incident will impact their brand's reputation and consumer trust, as well as that of partners and customers.

So planning and data stewardship are everyone's responsibility.

Those are the three rules of data breaches, as outlined by Craig Spiezle, executive director and founder of Bellevue, Wash.-based trade organization Online Trust Alliance (OTA). On Jan. 25, his organization released the "OTA 2011 Data Breach & Loss Incident Readiness Guide."

Because reported data breaches impacted more than 26 million records in 2010, costing US businesses $5.3 billion, the government is taking a closer look at whether companies are prepared to handle the problem, according to the OTA. Spiezle specifically cites the Commerce Department Privacy "Green Paper," which outlines the need for companies to have data breach preparedness in place, and notes that the policy recommendations could "hold marketers accountable for failure to take reasonable steps to protect their data."

Before marketers create data breach preparedness plans, Spiezle suggests you ask yourself a few questions:

  • Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure? Do you have an accounting of all information stored, including backups and archived data?
  • Do you have an incident response team ready to respond 24/7?
  • Are management teams aware of security, privacy and regulatory requirements related specifically to your business?
  • Have you completed a privacy and security audit of all data collection activities, including cloud and outsourced services?
  • Are you prepared to communicate the breach to customers, partners and stockholders?
  • Do you have readily available access codes and credentials to critical systems in the event key staff are not available or incapacitated?
  • Are employees trained and prepared to notify management in case of accidental data loss or a malicious attack? Are employees reluctant to report such incidents for fear of disciplinary action or termination?
  • Have you coordinated with all necessary departments with respect to breach readiness? (For example, information technology, corporate security, marketing, governance, fraud prevention, privacy compliance, HR and regulatory teams.)
  • Do you have a privacy review and audit system in place for all data collection activities, including that of third-party service providers? Have you taken necessary or reasonable steps to protect users' confidential data?
  • Do you review the plan on a regular basis to make sure it reflects key changes? Do key staff members have hard copies of the plan readily accessible in their offices and homes?

While the OTA guide outlines 17 recommendations for interactive marketers, advertisers and commerce sites, Spiezle says direct marketers should "pay specific attention" to the following:

 
