Home  › Email › Email Marketing

Should You Be Concerned About the Security of Your Email List?

  |  January 23, 2012   |  Comments

It's time to have your own internal guidelines to protect the data on your email lists, even if you're only collecting email addresses.

How secure is your email list? Does your privacy policy state how you will be using the email addresses you collect? Are your actions in line with the spirit as well as the letter of your privacy policy?

While these questions don't go directly to the bottom-line performance of your list in the short term, they do have implications for your brand. Here's a mini case study and some tips.

Last year there were a few high-profile data breaches in the email and online world. If you're a small organization that doesn't collect credit card data, you may not be concerned about the security of your email list. But you should be.

The U.S. is somewhat unique in its regulations around collecting and maintaining personal data. While other governing bodies, like Canada and the U.K., have broad laws that apply to all organizations that collect this type of data on people, the U.S. does not. It has COPPA, which covers collection and use of personal data from children, and there are industry-specific laws for the healthcare and financial services sectors, but no umbrella regulations.

Just because it's not the law doesn't mean that you shouldn't have your own internal guidelines to protect the data on your email lists, even if you're only collecting email addresses.

I was talking security with an email marketer recently and his response was that their database was hosted by a large, well-respected organization. That's a good start, but that alone won't ensure that you're safe from a breach.

Whenever I sign up to receive email from an organization I "tag" the address I provide with a unique identifier, so that I know whom I've given it to. This is a luxury only those of us who own our own domain names can enjoy, but sometimes it's very interesting to see who, other than the organization that garnered my opt-in, ends up sending to these addresses.

Case in point: the Republican National Committee (RNC). I opted in to receive email from the organization years ago. I have to admit that its emails had become "bacn" for me, meaning that while I remembered opting in, I had stopped opening the email it sent me. I was busy, I wasn't getting that much valuable information from its missives, and outside of a presidential election year I just wasn't that interested.

Earlier this month, though, I went to my inbox looking for political information and decided to search and find out what the RNC had been sending to me.

In the past 30 days, I had received 29 email messages to my RNC "tagged" address. That's a lot (nearly one a day), but the more interesting thing was who was sending to this address - and who wasn't.

012312-rnc-email-senders

Did you spot the omission? None of the emails I'd received over the past 30 days were from the RNC. When I looked back, the organization hadn't sent anything to this address since April 2010. I don't remember unsubscribing; maybe the RNC removed inactive email addresses from its list (which is a good thing to do).

But even through the RNC was no longer sending me messages, the tagged email I had given to the RNC was still generating a lot of traffic. Over 70 percent of it was from a group I'd never heard of, The Political Insider.

Looking at the email messages from The Political Insider, very few were actually political in nature. There was one newsletter that contained political articles aggregated from around the web. The other 20 messages (95 percent of those it sent) contained a standalone ad from a third party. Of those, 25 percent (five) were political in nature - and the other 75 percent (15) were what I would consider blatant spam (remember: spam is in the eye of the beholder). Here are some of the subject lines:

  • 15-Minutes Fights Holiday Belly Bulge for 3 Days?
  • Electricity Breakthrough - see shocking video
  • A Medical Conspiracy?
  • Shocking Video Reveals How to Learn a Foreign Language in just 10 Days (Same Method Purchased by FBI)
  • Will the Government Confiscate Our Gold?

So what happened? How did this organization take possession of an email address I gave to the RNC and start sending me spam?

I have no idea. The RNC's website terms and conditions state: "Under no circumstances will the RNC sell your information to third parties or any commercial entities." But it also says that it may share my information with "like-minded organizations committed to the principles or candidates of the Republican Party, Republican State Party organizations and local Republican groups."

I take the RNC at its word. I imagine that the other groups sending to this email address probably fall into the latter category (although Bolling is the lieutenant governor of Virginia, a state I do not nor have ever lived in, so those messages are irrelevant to me), but what about The Political Insider?

Either the RNC shared my tagged address with The Political Insider without regard to or without fully vetting the content of the messages that would be sent, or my address was acquired by The Political Insider in some nefarious way.

Brands that are damaged by this situation: the RNC and The Political Insider. The former for not properly securing personal information I entrusted to it; the latter for sending an abundance of junk email with very minimal valuable or relevant information to my inbox.

As I mentioned above, protecting your email list doesn't just have to do with having a secure host for your database. Here are some additional steps you can take:

  • Don't turn your email list over to third parties; it's fine to do a send to your list on another organization's behalf, but it's not a good idea to give that organization your list to do their own send.
  • Educate your employees on the importance of securing your list; make sure those with access to it safeguard their user IDs and passwords and are prepared to combat phishing emails and other malicious activity.
  • Include policies on use and abuse of your email list in your HR manual; make it clear that sharing your email list with third parties is a misuse of a company asset and that the repercussions of doing so will be serious.

Until next time,

Jeanne

Tags:

ClickZ Live Chicago Join the Industry's Leading eCommerce & Direct Marketing Experts in Chicago
ClickZ Live Chicago (Nov 3-6) will deliver over 50 sessions across 4 days and 10 individual tracks, including Data-Driven Marketing, Social, Mobile, Display, Search and Email. Check out the full agenda and register by Friday, Oct 3 to take advantage of Early Bird Rates!

ABOUT THE AUTHOR

Jeanne Jennings

Jeanne Jennings is a 20 year veteran of the online/email marketing industry, having started her career with CompuServe in the late 1980s. As Vice President of Global Strategic Services for Alchemy Worx, Jennings helps organizations become more effective and more profitable online. Previously Jennings ran her own email marketing consultancy with a focus on strategy; clients included AARP, Hasbro, Scholastic, Verizon and Weight Watchers International. Want to learn more? Check out her blog.

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Email newsletters delivered right to your inbox. Subscribe today!

COMMENTS

UPCOMING EVENTS

Featured White Papers

IBM: Social Analytics - The Science Behind Social Media Marketing

IBM Social Analytics: The Science Behind Social Media Marketing
80% of internet users say they prefer to connect with brands via Facebook. 65% of social media users say they use it to learn more about brands, products and services. Learn about how to find more about customers' attitudes, preferences and buying habits from what they say on social media channels.

Marin Software: The Multiplier Effect of Integrating Search & Social Advertising

The Multiplier Effect of Integrating Search & Social Advertising
Latest research reveals 68% higher revenue per conversion for marketers who integrate their search & social advertising. In addition to the research results, this whitepaper also outlines 5 strategies and 15 tactics you can use to better integrate your search and social campaigns.

Resources

Jobs

    • Digital Marketing Analyst
      Digital Marketing Analyst (GovLoop) - Washington D.C.Are you passionate about audience acquisition? Love effective copy and amazingly effective...
    • Product Specialist
      Product Specialist (Agora Inc. ) - BaltimoreDescription: The Product Specialist is hyper-focused on the customer experience and ensures that our...
    • Partnerships Senior Coordinator
      Partnerships Senior Coordinator (Zappos.com, Inc.) - Las VegasZappos IP, Inc. is looking for a Partnerships Senior Coordinator! Why join us? Our...