More NewsWhy data security is everyone’s responsibility

Why data security is everyone's responsibility

In the world of digital disruption, big data and the internet of things security has become your responsibility.

It is almost exactly five years since a rash of major ESP data breaches. In the wake of those events steps were taken to enhance security but we still have a long way to go.

As marketers we are responsible for the security of a growing amount of sensitive data. Unfortunately most marketers still don’t see it that way. For sure they accept they have a duty to ensure that they aren’t irresponsible with their company’s data.

The responsibility for security however is seen as someone else’s problem (usually IT or the security department) and nothing to do with marketing. While this perspective is common it is misguided and out of date.

First though let’s be clear what data security means. When we talk about data security it is common to think of unauthorized access. While this is part of data security it is also about maintaining the availability and integrity of information.

There are three key areas where marketers, especially email marketers, need to take responsibility for data security.

1. Tool selection and use

Cloud platforms have enabled marketers to make tool decisions without involving IT. For many this has been enormously beneficial, allowing them to select platforms that better fit their needs and enabling faster decision making.

A side-effect of this transition of authority is that security requirements are oftentimes overlooked.

Furthermore, even when vendors do meet company security requirements they are only effective if security procedures are followed day to day.

2. Customer data collection and storage

Marketers have an increasing degree of autonomy over the manner in which customer data is collected and where and how it is stored.

This is partly a function of the tool selection control mentioned above and partly due to the ease with which marketers can setup data collection and capture solutions.

This autonomy comes at a price. When marketers decide what is collected and how it is stored they must also make informed decisions about how that affects company liability and risk posture.

3.Data use and disposition

Marketers have access to an ever growing amount of data of widely varying levels of sensitivity. However having data does not necessarily mean that you can do with it what you will.

Laws, regulations, contracts and consumer expectations may all play a part in what you can and should do with data you own. At least 31 states have laws about the destruction of Personally Identifiable Information (PII).

To address these issues marketers need to make some essential changes.

  • First, accept that security is our problem. This takes time and continual reinforcement but cultural change is a prerequisite for the operational changes that are required. If we don’t change the culture we will not change the behavior.
  • Second, get educated. Security can be complicated. The threats and impacts can be subtle. Plus anytime there are laws, regulations and government bodies involved it is bound to get complex. Marketers need to treat understanding threats and security requirements as a key knowledge set.
  • Finally, create a big tent. In too many businesses there is an adversarial relationship between security, IT and marketing. Internal conflict leads to misinformation and lack of transparency both of which create a situation ripe for abuse and error.

Digital disruption, cloud platforms, big data and the internet of things has taken data security out of the IT department and made it everyone’s responsibility.

Now is not the time for complacency. Now is the time to step up and ensure the headlines of five years ago are never repeated.