Right now, 38 states have consumer notification laws for data breaches. In addition, a handful of bills are making their way through Capitol Hill on the same topic.
Taken together, these laws and proposals have myriad combinations and permutations of what is considered a security incident, when to notify, how to notify and where to send notification. Generally, notifications can be made using a combination of online and offline methods, which may include e-mail, postal mail, Web site notice, call center and media.
For national marketers, the answer may be to encrypt data as a way to prevent exposure to the varying state and forthcoming national laws. Most states already have an encrypted data safe harbor, and the bills in Washington, D.C., also propose such a system. Basically, encryption obscures or scrambles data so that it can only be read with the use of a unique decoding “key.”
So, what happens when an organization suffers a security incident? Let’s say an unauthorized third party obtains access to 1 million unencrypted records being transferred to your organization. Let’s also say that you have to use the mail option in addition to other methods for consumer notification. At 31 cents per mail piece (presorted, First Class), the postage alone could add up to $310,000. Could your bottom line—or your brand image—handle this kind of expense?
Adding complexity to this already potentially costly exposure are differing definitions and combinations of data that legislators have seen fit to protect in 38 states. In two states, a mother’s maiden name is considered protected data when it is combined with first name (or initial), last name and Social Security number. In another state, physical addresses need to be protected.
And what about consumers? Should consumers in one state really be told they are being protected differently than consumers in another state? This is not exactly a recipe for customer satisfaction.
Encryption levels the playing field for consumers. They know to expect security in data transfers. Encryption also allows marketers and their IT staff to work on a common platform when it comes to partners, clients and vendors. Lastly, it carries the significant benefit of providing safe harbor from most state-level security laws and similar proposals currently being debated on Capitol Hill.
Encryption is less onerous than it sounds. In fact, there are even open-source license tools (such as GPG, FileZilla or Core FTP) that make it free to implement. What’s more, your organization may already have similar systems in place if it takes credit card payments online.




The Business of Database Marketing