Hang With the Right Crowd
A few months ago, I read an article on CNET News.com that discussed an Adobe Systems/RSA Security survey of D.C. opinion leaders on the issue of data protection in the United States. Participants were asked to rate the job Congress was doing on this topic. It wasn't good news: More than 70 percent gave Congress low marks in the protection of social security numbers, financial data and credit card numbers.
And so, with the scads of data breaches reported so far this year, it's no surprise there are about two dozen data security bills on Capitol Hill. Even with the passing of the GLB Act, the Shelby Act and a few other laws that restrict the collection, sharing and usage of consumers' personal/financial data, we still have a data security issue that has not been satisfactorily addressed.
This problem is different from the issue of whether companies should be able to rent, sell or share data for the purpose of marketing. Rather, this concern relates expressly to the protection of such data on backup tapes, servers, direct mail pieces being printed and stored at lettershops, and the other myriad forms data can take. And this risk of negative publicity and legal action basically is borne solely by the marketer, regardless of the many third-party suppliers involved in the execution of a direct marketing program.
"It is important to note that today, most third-party suppliers bear no legal requirement to comply with federal rules," wrote Don McKenzie, former president of Transcontinental Direct, in a whitepaper on security and privacy responsibilities of third-party suppliers. This aspect adds a deeper layer of meaning to the phrase "due diligence" with regard to hiring a computer service bureau, etc. To safeguard the consumer in the direct marketing process, McKenzie states that security standards should encompass data security, production processes, facilities, personnel, disaster recovery and financial stability. This is a daunting process, and one that requires direct marketers and their business partners to invest a significant amount of money.
Yet this investment could be peanuts compared to the penalties Congress might impose. A New York Times article noted that under Sen. Charles Schumer's data security bill, Citigroup's loss of tapes containing account info on millions of customers would have resulted in a fine of billions of dollars.
Let's not stick our heads in the sand on this topic while we have time to be proactive. To read more on third-party supplier security compliance, visit http://www.transcontinentaldirect.com/index/advice.html. And start talking to your direct marketing partners.