skip to: page content | site navigation

Staying on the right side of the data police

Data security has become a hot topic following the recent high-profile breaches at the hands of government departments and commercial organisations alike. Kim Benjamin investigates.

Unlikely though it may sound, database marketing is national headline-making stuff these days. But it's for all the wrong reasons. Last year high-street bank HSBC was fined £3.2m for losing an unencrypted CD that contained the details of 180,000 policyholders.  

Later in 2009, mobile operator T-Mobile was in the spotlight for data theft, when rogue staffers sold the details of thousands of customers to brokers who intended to pass the data on to rival operators.

It's little wonder that consumers are questioning the safety of their details. The Information Commissioner's Office (ICO), the UK's data privacy watchdog, has also signaled its intention to crack down on data leaks, with potential fines of up to £500,000 to be levied on companies from April for serious breaches. At the same time, marketers are also facing greater legislation.  

Reputation risk

According to the ICO, the biggest impact of data breaches on brands is reputational damage. Whereby companies risk losing the trust and confidence of their customers if they do not comply with data protection requirements.  

'We will not be afraid to use our powers on those who flout the law', says a spokesperson for ICO. 'Good data protection should be part of an organization's culture and seen as an integral responsibility of its senior management.' 

Chris Lodge, head of data and customer insight at utilities supplier EDF Energy, says it only takes one breach from any company to have a negative effect on everyone else. 

'The government's ideas to beef-up the penalties for security breaches is a good one,' he says. 'We also need to ensure that the data we seek from customers is relevant. For example, we don't ask for the customer's age if they want to buy electricity.' 

Growing concerns over data security have prompted brands, suppliers and industry bodies to work harder than ever before to rebuild consumer confidence in data privacy. The Direct Marketing Association, for example, last month launched DataSeal, a private data security performance standard developed together with standards authority BSi.

With marketers under increasing pressure to ensure their customer data is secure, what steps can they take to avoid breaches and restore levels of consumer confidence? According to Peter Nota, European information security officer at data provider Equifax, undertaking regular risk assessments to understand the threats faced by a business is a good starting point. 

He adds that while technology has an important part to play when it comes to data security, employee awareness and education are critical to ensure that any information security programme is successful. 

Confidence check

'It is important for brands to conduct regular health checks of the infrastructure and technical environment in which they operate, to ensure that all known issues have been assessed and addressed,' he says.

Rob Salmon, managing director of data processing company meta-morphix, believes that the industry needs to take the lead to pre-empt a consumer backlash against those brands that do not safeguard their personal data. 'One of the biggest challenges lies in changing the attitudes of everyone working with personal data to ensure that they safeguard their customers' information in the same way that they would safeguard their own,' he says. 

He adds that implementing rigorous security procedures and beefing up training may be a little more time-consuming in the short term, but the benefits will outweigh the risks of serious data breaches in the longer term.

Melissa Arrowsmith, customer insight manager at financial services provider Sun Life, part of AXA Group, says one of the main issues when it comes to data security is that all too often, it is seen as an afterthought rather than embedded in business decisions. 

Front of mind

'The key to ensuring security of data is to make sure that such considerations are at the core of all IT systems and business processes,' she says. 'This encompasses all aspects of the business from home-working and traveling to transfer of data to suppliers as well as the security of internal systems.' 

Transparency is also vital when collecting, using or amending customer information, according to Mark Chipperfield, head of data management at BBC TV Licensing. It's also crucial for brands to react swiftly in response to any problems that occur. 

'If breaches do occur we have clear procedures in place to close down, investigate and make improvements,' says Chipperfield. 

'Data security is no longer a "nice to have" - it's an essential part of running a responsible business.'

He adds: 'The more complex and abundant the information flowing around your business, the more effort you need to make to get information security right.'

Data tsars

Other brands have gone so far as to actually appoint a data protection officer, whose role it is to ensure the correct processes are in place, as in the case of loyalty card operator Nectar. 

Its marketing director, John Sheekey, says data security requires ongoing monitoring, particularly in the current climate where new threats are emerging on a regular basis. 'This requires dedicated specialist staff supplemented by external expertise to continuously assess compliance against these threats and data protection requirements,' he adds.

EDF Energy's Lodge, meanwhile, says the company rigorously maintains a high level of security protocols. These include secure servers for holding data, no sensitive data held on laptops, restricted access for the use of USB devices on personal computers and the destruction of CD's when they are no longer needed. 

It may be too early to assess the effectiveness of schemes such as DataSeal, but what is certain is that consumer awareness of the data privacy issues will only grow with high-profile incidences of data breaches and theft, resulting in an increasing reluctance on their part to divulge their personal information. 

While this perception is unlikely to be reversed in the short-term, those brands and organizations that act now to safeguard their customer data - and are openly seen to be doing so - are likely to be the ones that consumers trust with their information and keep coming back to.

Article from Marketing Magazine - February 2010