Do You Need Data Breach Readiness?

February 25, 2014

A sad fact of our time is that every company is at real risk for a criminal data breach, so a proactive approach is not only good for business, it's good for customers, too.

There are now two types of companies in the world: those whose data has been breached and those who don't yet know that their data has been breached.

That also means that there is a new reality for each of us: It's not if a data breach situation will happen, it's how we deal with it when it does.

A sad fact of our time is that every company is at real risk for a criminal data breach. Nearly every aspect of our society has been hacked, including education, business, and government. One report quoted by the Venable law firm found that 621 confirmed breaches occurred in 2012 alone and retailers represented 21.7 percent of network-based breach incidents.

A proactive approach is not only good for business, it's good for customers, too. Brands hold a fragile trust bond with people and that bond is shaken a bit now for every brand, not just those in the high-profile recent cases. Marketers have a chance to be at the epicenter of corporate and brand readiness, working with legal, IT, privacy, and customer service teams.

It seems counterintuitive for marketers to break down silos and be the lead on data security policies, but who better than us? Marketers can already step up and be the company leads on data stewardship and customer centricity. It is our processes and practices that are under attack, so who better to lead the charge on readiness than the people who will be most affected in terms of business goal attainment?

To get started, check out the new checklist included in the newly updated Article #37 in the 2014 Ethical Business Guidelines from the Digital Marketing Association (DMA) (full disclosure: I work for DMA). Some of the guidance includes:

  • Should you be in a situation where you are dealing with law enforcement, it's important to have a published privacy and security policy as well as documented internal processes and meaningful employee training. 
  • A collaborative approach must include legal, privacy, IT, your colleagues in marketing (like email, social, and digital), and even HR people. For example, the DMA Guidelines now include guidance on "BYOD" or "bring your own device" employee training.
  • Figure out the most appropriate law enforcement contact and make that part of your planning process.
  • Your plan should facilitate a prompt and coordinated response that is rapid, thorough, and reasoned. You want to focus on notification, both for internal teams and for external parties like customers, partners, credit card companies, and, even if not legally required, regulatory agencies and law enforcement.
  • Even if personally identifiable information (PII) or financial data is not breached, you might still be regulated and required to notify affected parties. Remember that an email address can be PII in some situations. Check with counsel about exactly what constitutes PII in each state, and plan ahead for your notification business rules. You may decide for business purposes to notify more people than legally required, for example.

These situations are regulated, and in fact 47 states have breach notification laws, each with its own requirements. The rules will apply not just to the business location but also to the location of the people affected and/or the data affected. Be sure that you have your requirements up to date.

When a data breach happens, a lot will be going on at once, in addition to your daily activities. These new emergency activities range from call center training to PR to law enforcement cooperation and research on relevant elements. The plan will be your blueprint for action, especially in the first crucial 72 hours. It's also a good idea to put a plan together and test it with a mock crisis situation. Better to know now where the holes are, rather than find them out when the pressure is on.

This plan development and testing takes a financial commitment. It will include legal fees and employee time and research. You may need to update your various security certifications or practices. However, the financial cost of a data breach in 2012 was estimated at $5.4 million, according to the Venable law firm. That doesn't necessarily count the costs to recover reputation and consumer good will, and any regulatory investigations even if there is not litigation.

Consumer trust is at risk, even if your company is not breached. DMA accepts tens of thousands of consumer complaints a year about marketing practices, most of which are around choices offered via our consumer services like (opt out for direct mail) and (opt out for behavioral advertising). However, recently, complaints about phishing and malware have increased, which we see as reflective of heightened levels of consumer anxiety and unease. Anxious customers are not happy customers.

Please make a note in the comments section about what you are doing on readiness, and what resources you need to be successful.

Stephanie Miller

Stephanie Miller is a partner with brand and marketing technology strategy firm TopRight Partners, which helps customers use the technology they have today to do the marketing they want to do today and tomorrow. She is a relentless customer advocate and a champion for marketers creating memorable customer experiences. A digital marketing and CRM expert, she helps sophisticated marketers balance the right mix of people, process, and technology to optimize a data-driven content marketing strategy. She speaks and writes regularly and leads several industry-wide initiatives. Feedback and column ideas most welcome, to smiller AT toprightpartners DOT com or @stephanieSAM.
