Home  › Email › Email Marketing

Should You Be Concerned About the Security of Your Email List?

  |  January 23, 2012   |  Comments

It's time to have your own internal guidelines to protect the data on your email lists, even if you're only collecting email addresses.

How secure is your email list? Does your privacy policy state how you will be using the email addresses you collect? Are your actions in line with the spirit as well as the letter of your privacy policy?

While these questions don't go directly to the bottom-line performance of your list in the short term, they do have implications for your brand. Here's a mini case study and some tips.

Last year there were a few high-profile data breaches in the email and online world. If you're a small organization that doesn't collect credit card data, you may not be concerned about the security of your email list. But you should be.

The U.S. is somewhat unique in its regulations around collecting and maintaining personal data. While other governing bodies, like Canada and the U.K., have broad laws that apply to all organizations that collect this type of data on people, the U.S. does not. It has COPPA, which covers collection and use of personal data from children, and there are industry-specific laws for the healthcare and financial services sectors, but no umbrella regulations.

Just because it's not the law doesn't mean that you shouldn't have your own internal guidelines to protect the data on your email lists, even if you're only collecting email addresses.

I was talking security with an email marketer recently and his response was that their database was hosted by a large, well-respected organization. That's a good start, but that alone won't ensure that you're safe from a breach.

Whenever I sign up to receive email from an organization I "tag" the address I provide with a unique identifier, so that I know whom I've given it to. This is a luxury only those of us who own our own domain names can enjoy, but sometimes it's very interesting to see who, other than the organization that garnered my opt-in, ends up sending to these addresses.

Case in point: the Republican National Committee (RNC). I opted in to receive email from the organization years ago. I have to admit that its emails had become "bacn" for me, meaning that while I remembered opting in, I had stopped opening the email it sent me. I was busy, I wasn't getting that much valuable information from its missives, and outside of a presidential election year I just wasn't that interested.

Earlier this month, though, I went to my inbox looking for political information and decided to search and find out what the RNC had been sending to me.

In the past 30 days, I had received 29 email messages to my RNC "tagged" address. That's a lot (nearly one a day), but the more interesting thing was who was sending to this address - and who wasn't.

012312-rnc-email-senders

Did you spot the omission? None of the emails I'd received over the past 30 days were from the RNC. When I looked back, the organization hadn't sent anything to this address since April 2010. I don't remember unsubscribing; maybe the RNC removed inactive email addresses from its list (which is a good thing to do).

But even through the RNC was no longer sending me messages, the tagged email I had given to the RNC was still generating a lot of traffic. Over 70 percent of it was from a group I'd never heard of, The Political Insider.

Looking at the email messages from The Political Insider, very few were actually political in nature. There was one newsletter that contained political articles aggregated from around the web. The other 20 messages (95 percent of those it sent) contained a standalone ad from a third party. Of those, 25 percent (five) were political in nature - and the other 75 percent (15) were what I would consider blatant spam (remember: spam is in the eye of the beholder). Here are some of the subject lines:

  • 15-Minutes Fights Holiday Belly Bulge for 3 Days?
  • Electricity Breakthrough - see shocking video
  • A Medical Conspiracy?
  • Shocking Video Reveals How to Learn a Foreign Language in just 10 Days (Same Method Purchased by FBI)
  • Will the Government Confiscate Our Gold?

So what happened? How did this organization take possession of an email address I gave to the RNC and start sending me spam?

I have no idea. The RNC's website terms and conditions state: "Under no circumstances will the RNC sell your information to third parties or any commercial entities." But it also says that it may share my information with "like-minded organizations committed to the principles or candidates of the Republican Party, Republican State Party organizations and local Republican groups."

I take the RNC at its word. I imagine that the other groups sending to this email address probably fall into the latter category (although Bolling is the lieutenant governor of Virginia, a state I do not nor have ever lived in, so those messages are irrelevant to me), but what about The Political Insider?

Either the RNC shared my tagged address with The Political Insider without regard to or without fully vetting the content of the messages that would be sent, or my address was acquired by The Political Insider in some nefarious way.

Brands that are damaged by this situation: the RNC and The Political Insider. The former for not properly securing personal information I entrusted to it; the latter for sending an abundance of junk email with very minimal valuable or relevant information to my inbox.

As I mentioned above, protecting your email list doesn't just have to do with having a secure host for your database. Here are some additional steps you can take:

  • Don't turn your email list over to third parties; it's fine to do a send to your list on another organization's behalf, but it's not a good idea to give that organization your list to do their own send.
  • Educate your employees on the importance of securing your list; make sure those with access to it safeguard their user IDs and passwords and are prepared to combat phishing emails and other malicious activity.
  • Include policies on use and abuse of your email list in your HR manual; make it clear that sharing your email list with third parties is a misuse of a company asset and that the repercussions of doing so will be serious.

Until next time,

Jeanne

Tags:

ClickZ Live New York What's New for 2015?
You spoke, we listened! ClickZ Live New York (Mar 30-Apr 1) is back with a brand new streamlined agenda. Don't miss the latest digital marketing tips, tricks and tools that will make you re-think your strategy and revolutionize your marketing campaigns. Super Saver Rates are available now. Register today!

ABOUT THE AUTHOR

Jeanne Jennings

Jeanne Jennings is one of the World's Top 50 Email Marketing Influencers (Vocus, 2014). She has more than 20 years of experience in the email and online marketing and product development world. Jeanne's direct-response approach to email strategy, tactics, and creative direction helps organizations make their email marketing initiatives more effective and more profitable. Clients include: ConsumerReports.org, FDANews, Hasbro, PRWeb, Scholastic, Verizon, and WeightWatchers. Want to learn more? Check out her blog.

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Email newsletters delivered right to your inbox. Subscribe today!

COMMENTS

UPCOMING EVENTS

UPCOMING TRAINING

Featured White Papers

Google My Business Listings Demystified

Google My Business Listings Demystified
To help brands control how they appear online, Google has developed a new offering: Google My Business Locations. This whitepaper helps marketers understand how to use this powerful new tool.

5 Ways to Personalize Beyond the Subject Line

5 Ways to Personalize Beyond the Subject Line
82 percent of shoppers say they would buy more items from a brand if the emails they sent were more personalized. This white paper offer five tactics that will personalize your email beyond the subject line and drive real business growth.

WEBINARS

    Information currently unavailable

Jobs

    • Lead Generation Specialist
      Lead Generation Specialist (The Oxford Club) - BaltimoreThe Oxford Club is seeking a talented writer/marketer to join our growing email lead-generation...
    • Health Marketing Editor
      Health Marketing Editor (Agora Inc.) - BaltimoreCome flex your intellectual muscle as part of Agora, Inc’s (http://agora-inc.com/) legal team...
    • Technical Business Analyst
      Technical Business Analyst (OmniVista Health) - BaltimoreOmniVista Health is looking to add a Technical Business Analyst to our expanding team...