Data Security Problems Will Only Get Worse, Speakers Say at Privacy Forum
One of the biggest concerns for marketers is the effect that the rash of recent data breaches will have on consumer buying behavior. Phishing, spyware, spam and other issues are already affecting online shopping habits.
"Fifty million consumers have had their data compromised this year, though I don't think the sky is falling," said Michael Turner, president and senior scholar at the Information Privacy Institute.
Donnelley president Ray Butkus said that if 2003 was the year of the "do nots" -- the enactment of the national no-call registry and the CAN-SPAM Act -- 2005 appears to be the year of personal data protection.
"All of these companies have been under intense press and government scrutiny," Butkus said. "And all are learning the hard way that protecting information privacy must be taken very, very seriously."
Jim Harper, direct of information policy at the CATO Institute, said a big problem is the use of uniform identifiers throughout the economy and compared it to having the same key for your car, your house and your office. He also said the name is wrong.
"The problem is identity fraud, not identity theft," he said.
J. Howard Beales III, associate professor of strategic management and public policy at George Washington University and senior consultant at CapAnalysis, said nothing can be done to make the issue go away entirely.
"Thieves rob information because that's where the money is," said Beales, who was director of consumer protection at the Federal Trade Commission from 2001 to 2004,
Evan Hendricks, editor and publisher of Privacy Times, agreed.
"There's low risk and high payoff for the criminals," he said, adding that marketers will begin to have a harder time using data.
Hendricks also warned that consumers' unprotected mailboxes are a target of crystal meth gangs in search of credit card and bank account numbers and other sensitive data.
At Sybase, Jim Swartz, chief information officer, said his job has changed greatly over the past three years.
"I constantly get memos and notes from my CEO, COO and marketing department asking me how we're controlling information pertinent to our customers," he said. "But also how are we protecting the information of our employees, too. Does it conflict with my privacy regulations?"
Wachovia tries to limit the amount of data it gives to its vendors, said Campbell Tucker, director of Wachovia's privacy office. If they don't need it, don't give it to them, he said.
"We're also working on ways to let people opt out of ways that they don't want to transact with us," he said. "It's easy to give customers choices. The harder part is to honor them."
Jerry Cerasale, senior vice president of government affairs at the Direct Marketing Association, said Congress is keenly aware of what is happening.
"Their response to these data breaches will be legislation. The major key is notification," he said. "Legislation may not happen this session. But for sure in 2006, they'll set a national standard."
If you're renting or exchanging your databases, "know your clients," Cerasale said. "If you're renting a list from others, know from where it came and how it was compiled."
Esther Dyson, editor of Release 1.0, said the balance of power is shifting. Marketers have done a poor job of marketing, "and the challenge is to explain yourself and what you're doing better to the consumers."
Cerasale offered four tips for marketers to follow:
* Train your employees.
* Supervise your security and make sure you're doing it.
* Use the latest technology.
* Review and update it constantly.
"Will this stop all thefts? No," he said. "Nothing is foolproof, but this is a good place to start."
Most of all, Cerasale said, treat your customers' information with care.
"Honor that trust. Make certain they have choices and protect it," he said. "And if it's lost, help them."
David Felman, vice president of marketing at Barclays, said the one thing that keeps him up at night is more regulation of direct mail.