Data Security

Seventy-five percent of consumers believe they have lost all control over how personal information is collected and used by companies, according to a recent Privacy& American Business survey, said James Koenig, co-leader of privacy practice for PricewaterhouseCoopers, in his session”Marketing in a Privacy-Sensitive World” at Direct Marketing Days New York held last month. Following are a few tips Koenig offered to manage internal communication to better protect your customers’ data: * Implement a marketing oversight management process. “All marketing programs and campaigns should be reviewed quarterly,” said Koenig. Representatives from each distribution channel should be included. The process should be used as a tool to reinforce

If you gather employees’ personal information from credit reports you now are required to destroy the data before discarding of it, according to regulations that went into effect earlier this month. The Fair and Accurate Credit Transactions Act, which was passed by Congress is December 2003, states that employers must shred or burn paper documents or “smash or wipe” computer disks that have the employees’ information. This refers only to data you’ve collected on employees by running credit reports on them. According to a report in USA Today (“Employers must shred personal data,” June 1, 2005), the regulations are part of governmental efforts to reduce identity

A federal bill recently introduced in the U.S. Senate by Diane Feinstein (D-Calif.) would require any institution that owns, licenses or collects personal information to notify the individuals to whom the information belongs if those data are believed to have been acquired by an unauthorized person. Given both the recent flurry of this type of legislation and data breaches at a number of institutions in recent months, Jerry Cerasale, senior vice president of government affairs for The Direct Marketing Association, offered the following advice at his session “Legislation and Privacy Issues: Protect Your Company and Manage Your Risk” at the Annual Catalog Conference held last

Twenty-seven percent of consumers say a trusted online merchant should never share their personal customer information with a third party without the consumer’s express permission, according to “The Online Consumer Permissions Study,” a research report released by the Ponemon Institute earlier this year. In all, 1,799 consumers age 18 and older were surveyed. Other findings include: * 89% of consumers would approve of information sharing without their permission to improve the quality of services or products offered. * 84% to helped reduce incidents of identity theft. * 71% to conduct research that helps a company better understand its customers’ preferences. * 62% to provide product information or special

Be afraid. Be very afraid. As you read this, hackers are scanning your servers for open ports. Or perhaps at this moment a hacker is pasting odd strings into your catalog request form to steal credit card numbers. Worse yet: Your machines might already be compromised — and you don’t even know it. Yes, my intent is to scare. And yes, I sound paranoid. But I’m actually not. As one security expert told me with no trace of humor, “It’s not paranoia when they really are trying to get you.” As a multichannel merchant, your days should be spent worrying about merchandise, customer

Many merchants still haven’t adequately protected their customers’ data from falling into the wrong hands, said Joe Majka, vice president at VISA USA, during his talk at the conference of the eCommerce and Catalog Systems Forum, held March 3 and 4 in New Orleans. In his work with merchants, Majka says he still finds many merchants guilty of the following: ¥ No segmentation and/or firewall installed on networks. “Thieves can get into a merchant’s system and go anywhere they want to within that data network,” Majka said. ¥ Un-patched systems and/or default configuration.”I often see merchants who haven’t changed the default password that comes

Three-quarters of information technology (IT) managers said their companies are not adequately protected from, or able to prevent, computer virus attacks. Here’s what else the study from solutions provider SupportSoft found: ¥ 86% of IT managers said not all of their companies’ computer systems are updated with software patches when initially distributed. ¥ 74% said their companies are hit monthly with one or more computer viruses. ¥ 86% said their No. 1 fear is the loss of employee productivity when their companies are hit with computer viruses. ¥ 71% said unauthorized programs such as spyware and malware are major concerns and increase IT help

Internet-related complaints comprised 53 percent of all fraud complaints processed in 2004, according to a report issued in February by the U.S. Federal Trade Commission. Other statistics reported by the agency: ¥ Online and offline identity theft accounted for 39 percent of the 635,173 fraud complaints filed in 2004. ¥ Internet auctions accounted for 16 percent of complaints. ¥ Shop-at-home and catalog sales accounted for 8 percent of complaints. ¥ Losses due to Internet fraud amounted to $265 million. ¥ In 35 percent of all fraud cases, victims were initially contacted via e-mail. For more information, visit www.ftc.gov/opa/2005/02/top102005.htm.

“For businesses using the Web as a revenue-generating channel, their data are important company assets,” says Chris Kivlehan, marketing manger for INetU Managed Hosting, a Web hosting provider. Losing a customer database in a system-wide crash or other crisis can devastate your business. Orders can go unfulfilled leading to dissatisfied customers and, in turn, reduced revenue. Kivlehan recommends that you talk with your IT manager or a qualified consultant/vendor to discuss back-up procedures and the technologies (e.g., tape drives, separate network storage devices, CDs) needed to do the job properly. In the meantime, here are four steps to help you focus your efforts: 1. Write a

With the start of the 2005, the Can Spam Act reaches its one year anniversary. As the year unfolds, it’s especially important to make sure your multichannel business is compliant. Bennie Smith, chief privacy officer at DoubleClick, offers the following tips on how to unify your e-mail campaigns and protect your customers’ privacy. - All e-mail communication to customers should be presented in a clear, consistent and standard fashion. This includes standardizing e-mail subject lines, headers and footers. Your e-mails need to clearly designate they are an advertisement or solicitation, as well as provide functional opt-out mechanisms, says Smith. - Multiple e-mail marketing databases of opt-in