Does Your Privacy Policy Mean Anything?

  |  January 11, 2005   |  Comments

You assure customers their personal information is protected by a privacy policy. Is it?

These days, your company's privacy policy is a handy tool. It can placate worried consumers. A privacy policy assures them their personal data won't ever be used, shared, or abused. This also makes it a handy marketing tool.

But is the policy true? No, because your data aren't safe.

Sure, your corporate policy says you won't abuse the data. Fact is, it's easy for abuse to occur. You're at the mercy of your IT staff. They can prevent it from happening -- or make it happen.

Would your competitors like to have a list of your current customers? Has someone on your IT staff already sold it to them?

Would your suppliers like to know your thoughts about their latest pitches? How do you know your email hasn't already been forwarded to them?

If someone wants to abuse data, he must first obtain it. The key to obtaining it lies with someone who has access to it.

Could data abuse happen at your company?

Are your employees happy? Is there about to be a round of layoffs? Have you recently fired anyone? Do you have "disgruntled" workers? Are there other reasons some employees might want to share your data with others?

Any employee with access to your data can do with it as she pleases.

Computer Access

Data stored on someone's computer can be accessed by anyone with the password. Some companies use two-factor security systems. These require the user to enter both a personal password or identification number and a special number generated by a device the user carries when she want to access her computer. The device generates a new number every minute or so.

This two-step security system was used 20 years ago at a super-computer facility that ran simulation exercises for the Department of Defense. You can use a similar method to protect data. Though it won't solve all your safety issues, it can prevent someone from accessing data stored on a specific computer or using a computer to access important data.

Data Warehouse Access

Data stored in a data warehouse can be retrieved by anyone with direct access to the warehouse or an OBDC (define) connection to the warehouse. Different levels of security and access can be set up by the data warehouse administrator.

Is anyone logging or tracking what happens with the data? Do you monitor what data are accessed and by whom? Do you monitor where data files are sent? Do you know who has your data?

Most probably, you don't.

My bet is you have nothing in place to prevent someone from making a copy of your database and delivering it to your competitors or to a third party who might abuse the data.

Experience Speaking

I know these things because I've seen and heard plenty of examples of data being somewhere it shouldn't. I know CEOs whose email was read, then the information was shared with the wrong people.

I know people who have complete databases from pharmacies that contain customers' prescription records. I know people who could easily commit identity theft hundreds of times, using the names, addresses, and social security numbers they've acquired. In some cases, data warehouse administrators using "standard" data file extraction supplied the data. They just couldn't be bothered to write code to create the required file.

Maybe Important, Maybe Not

All the above may be very important to you, or not at all. It depends on your data's sensitivity. On an individual level, a consumer might think his medical records are extremely private and should never be shared with anyone. On a business level, customer names and addresses might be more valuable than the products those records represent.

Managers at companies that believe their data are valuable must regularly reexamine their privacy policies, whether data are used for marketing or can be shared or distributed.

ClickZ Live Toronto Twitter Canada MD Kirstine Stewart to Keynote Toronto
ClickZ Live Toronto (May 14-16) is a new event addressing the rapidly changing landscape that digital marketers face. The agenda focuses on customer engagement and attaining maximum ROI through online marketing efforts across paid, owned & earned media. Register now and save!*
*Early Bird Rates expire April 17.


Brian Teasley Brian Teasley is the leader of Teasley, a consultancy that helpsadvertisers, marketers and advertising agencies use data and analysis toimprove their marketing campaigns. Brian has over 14 years experience inengineering and marketing, and has worked for numerous Fortune 100companies. Brian also teaches a marketing course at New York University. Heholds a M.S. degree in Applied Statistics from Iowa State University and aBA in Mathematics and a BA in Mathematics and Statistics from St. OlafCollege.

COMMENTSCommenting policy

comments powered by Disqus

Get the ClickZ Analytics newsletter delivered to you. Subscribe today!



Featured White Papers

ion Interactive Marketing Apps for Landing Pages White Paper

Marketing Apps for Landing Pages White Paper
Marketing apps can elevate a formulaic landing page into a highly interactive user experience. Learn how to turn your static content into exciting marketing apps.

eMarketer: Redefining Mobile-Only Users: Millions Selectively Avoid the Desktop

Redefining 'Mobile-Only' Users: Millions Selectively Avoid the Desktop
A new breed of selective mobile-only consumers has emerged. What are the demos of these users and how and where can marketers reach them?


    • Contact Center Professional
      Contact Center Professional (TCC: The Contact Center) - Hunt ValleyLooking to join a workforce that prides themselves on being routine and keeping...
    • Recruitment and Team Building Ambassador
      Recruitment and Team Building Ambassador (Agora Inc.) - BaltimoreAgora,, continues to expand! In order to meet the needs of our...
    • Design and Publishing Specialist
      Design and Publishing Specialist (Bonner and Partners) - BaltimoreIf you’re a hungry self-starter, creative, organized and have an extreme...