HOME | ABOUT US | CONTACT US    1-800-346-0073
DATA MANAGEMENT  |   DATA INTELLIGENCE  |   DATA DELIVERY  |   VERTICALS  |   SUCCESS STORIES  |  NEWS & EVENTS  |  BLOG
Mailnet Services, Synapse Technology and Conclusive Strategies become Conclusive Marketing.
News & Events

Maintaining Public Trust Should be Top Industry Priority in Wake of Data Piracy Problems
FRANKLIN, Tenn. – July 7, 2005
by Tom Herrmann
Executive Vice President for Marketing and Operations
Mailnet Services, Inc.

Following a handful of isolated incidents that led to the exposure of personal information on thousands of people, data providers have recently come under fire from news media, the federal government and disgruntled consumers.

Last year, ChoicePoint, a data provider with billions of data points on businesses and almost every adult in America, announced some fake information requests led to the unauthorized access of information on more than 100,000 individuals. The incident ended with ChoicePoint scaling back its sale of sensitive consumer data, which could mean the loss of millions of dollars for the company.

In June, MasterCard International announced that 40 million consumers credit card records may have been exposed following a security breach in an Arizona processing center. MasterCard notified member banks and worked to fix vulnerabilities in its system. But the incident became further proof that better data security is needed.

Even before the MasterCard case, members of the U.S. Senate and House of Representatives had begun considering legislation that would allow the Federal Trade Commission to create and enforce rules for our industry. A proposed bill calls for requiring information brokers to safeguard and protect the confidentiality of personally identifiable information, appropriate to the nature and type of information involved.

Regulatory oversight of our industry would not be beneficial for our businesses or the consumers we ultimately serve. For consumers, it would mean a red tape nightmare when trying to make any type of purchase, even for a simple activity such as applying for a credit card. For businesses, regulation would lead to more layers of required security and legal protections for the data that is the lifeblood of our direct marketing industry. This ultimately would result in a slowdown in turn-time processes to complete orders or purchases for our clients. Overall, the direct marketing industry should do what it takes to avoid the need for regulation in the first place.

Because consumer confidence is our industrys most valuable asset, what can we do to keep the publics trust?

The answer starts with responsibility. We must show skeptics we are dependable and committed to taking all the necessary steps to protect personally identifiable information.

There are already a number of tools and policies in place inside the industry. For example, the Direct Marketing Association (DMA), through its Privacy Promise, assures consumers that DMA members will follow specific practices to protect consumer privacy. Consumers who wish to receive fewer advertising solicitations can have their names removed from direct mail, call and email lists through DMAs Web site. This is a good example of self-regulation.

If a direct marketing company believes it could be open to the loss or fraudulent use of its consumer data, a strategy for immediate response is necessary. Any company storing confidential, personal data should have a system in place to trace any theft attempts, as well as a contingency plan to collect computer-based evidence, should a theft occur, for use in any criminal or internal investigations. Some companies may even want to consult with outside agencies or experts to ensure they are well-equipped to handle a security breach.

In general, direct marketing companies should be taking the following steps to make sure their data is secure:

  • Do a complete analysis of your security program. As new threats arise, security programs should always be up to date.
  • Regularly review your security plan. This will give you an opportunity to identify any vulnerability and to make repairs and changes when necessary.
  • Develop a plan to deal with security breach. This plan should include how incidents will be reported and how they will be resolved.
  • Keep in mind that there are already laws in place that protect financial and health related data that require organizations to protect the confidentiality of their clients. These laws should be understood and followed by all employees.
  • Put consumers at ease by making them aware of the steps you are taking to protect their data.

Currently, data security laws are not restrictive and we can keep it that way. Our industry overall has an exemplary track record of keeping customer data safe and secure. However, self-policing is a necessity in an industry that has become so closely watched by consumers and lawmakers. To maintain public trust, we must continue to ensure consumers that their data is safe with us.

Back to News & Events