Do You Know Your Data? 5 Data Governance Questions Every Marketer Should Ask, and Their Answers
This is the first in a three-part series of tips and takeaways from DMA's Institute for Data Governance and Certification. The new, three-day certification course will be held first on July 18-20, 2012, at DMA's NYC seminar center. Check back next week for Part 2 on privacy policies.
Consider this: As marketers, we are living in a time of drastic change. We are migrating from a push marketing world to a pull marketing world. As that happens, new forces and factors will create new, innovative opportunities for marketers and new, more restrictive points of view from regulators.
What to do? For starters, you must employ best practices in all that you do in using, sourcing, storing and managing data.
Answer these five questions and think about what you do that's not so good, what you allow that's pretty risky, and how much you know about your data use:
- Have you ever sent customer data via email?
- Have you ever received client data via email?
- Do you know the differences between how digital markers define personally identifiable information (PII), and how offline marketers define PII?
- Does your company have an information security policy? Does it address marketing data flow?
- Have you ever read the policy?
Your answers to these questions will define how you should change, improve or enhance your practices:
1. You should NEVER send any customer information via email.
2. You should NEVER allow clients to send any of their data or information via email—not a sample, not for a test, not for a free analysis. Plain email attachments are not secure. Zipping doesn't cut it. You should and can transmit data via secure portals, secure FTP, and when dealing with any sensitive data, you should require encryption.
3. Digital marketers define everything as PII, even names and postal address. They live in a world of complete disclosure, transparency and opt-out. Offline marketers also live in a world of complete disclosure, transparency and opt-out. However, they define PII as information that can do you harm, either by theft or by violating personal privacy. Some examples include: social security numbers, health-related information specific to the individual, and bank and financial information.
Think about those of us who live in both worlds and ask yourself how best to innovate using multiple channels—without giving regulators cause to define PII as everything for everyone, and requiring that all must be anonymous.
4. and 5. Establish and maintain a robust and inclusive information security policy that includes intrusion detection, incident-response handling, employee training and communications. This is one of your best offensive tools for protecting data and insuring consumer trust. It also serves as an important component to overall data governance in your organization.
Peg Kuman is vice chairman of Springfield, Va.-based data products, services and processing provider Relevate, and instructor of DMA's Institute for Data Governance and Certification. For more information, visit http://www.dmaeducation.org/dm-essentials/marketing_data_governance.php.