As technology has evolved, so have consumers’ concerns surrounding the use of their personal data. Not only are they leery of providing information, consumers also are leery of who uses their personalized data and for what purposes. Marketers can ease their customers' concerns by taking precautions, especially surrounding their online marketing efforts. Here are a few tips to think about when creating a personalized URL (PURL) campaign:
Define and Assess Security Risks of the Web Site: In the planning stages you should define and assess the potential security issues with your marketing campaign to minimize their impact. If the Web site includes sensitive data, consider creating a threat model to identify the risks and possible vulnerabilities. The analysis assists the development team in its Web site set-up.
Take Complete Stock of the Web Site: Information security is not just about preventing theft or damage. It also includes ensuring your Web site is available, fast enough, complying with legal and regulatory requirements, providing accurate information, preventing release of confidential information to unauthorized users and inappropriate use, protecting your users, and providing the ability to analyze and learn from incidents.
Password Protection: Consider using a unique four-digit number when creating the PURL string. This keeps recipients from accidentally or purposely viewing another individual’s site. For example, you may have several individuals in your mail file with the same first initial and last name, so in this case you’d have to use a number to identify each (JSmith1, JSmith2, JSmith3 …). If JSmith2 was inclined, he could access JSmith1’s PURL. It’s better to assign a random multiple-digit number to each PURL so your recipients can’t crack your code. Some marketers use separate passwords included in the marketing offers with the PURLs so recipients can securely access their sites.
Test Before and After Rollout: All projects must include structured testing. Security testing involves checking what is not allowed on the site as well as the intended functionality. This requires thinking outside of the box to foresee any potential obstacles. You should proof PURL sites before a marketing campaign deploys as well as after.
Monitor Your Reports: Review your data collection reports often to identify abnormal behavior and how these problems occurred. Problems with capturing information can skew your results and possibly prevent a future marketing campaign. It’s also a good idea to protect the reports from alteration. In some instances, we’ve seen recipients of PURLs pass their personalized landing page information to friends, who then access and use the recipients' identities to fill out the pages. This wreaks havoc on your reports. You may want to consider locking each PURL so the recipient cannot change her name, and instead provide her with the option to refer the friend so he gets his own PURL.
Above all, use caution in handling sensitive information. For most marketers, customer data is their livelihood, and possible security issues can wreak havoc on their reputations. The Direct Marketing Association encourages marketers to establish their own security policies and procedures for secure information systems. This includes staff training and routine assessments, as well as agreements between all business partners and service providers that handle personally identifiable information.