List Security?An Evolution and an Imperative
List Security Now
Today, marketers are forced to better protect the consumer information they maintain on their marketing databases, either through regulation or consumer pressure. A recent law in California requires that if any breach occurs that violates information of an individual residing in that state, the marketer must inform that resident of the breach. The only exception is if the data have been encrypted.
Data security policies, written standard operating procedures (SOPs) and constant training in the SOPs are necessary to maintain safeguards when handling sensitive consumer data. When the Federal Trade Commission investigates a breach-of-data-security complaint or incident, it expects the organization to have written policies and procedures in place. If not, the outcome of the inquiry or investigation may not be favorable to the marketer.
Data security audits of service vendors who hold clients' customer data are common. Also, it is typical to have contracts with third-party vendors in place that contain detailed data security requirements and provide for chain-of-trust agreements to assure that sub-contractors maintain data protection measures equivalent to the primary vendor's, or even the marketer's.
With newer technology and shrinking time frames for data processing prior to campaigns, file transfer protocol (FTP) transfers via the Internet eliminate the shipping of tapes. Now, data are available to hand off to the next vendor electronically. Encryption is now widely employed, and practically necessary where data are "sensitive," to keep it secure when transferred via the Internet. Password management and systems monitoring, to control access to FTP sites, is also necessary.
With consumers' heightened sensitivity to the use of their personal information, it is clear that all entities that touch this data must use the latest, most effective tools and procedures to maintain data integrity.
Harriet Heyman is vice president and strategic consultant of Harte-Hanks, and serves on the Direct Marketing Association's Ethics Policy Committee. Heyman can be reached at (304) 754-7411, or firstname.lastname@example.org.