By Ryan Deutsch

Email marketers constantly discuss concepts like relevance, lifetime value, dynamic content, automation and delivery. But what about the more mundane topics like data security? In the last few months, consumers have received a number of notifications explaining that security failures have compromised email addresses and provided third parties with potential access to digital identities.

When brands are asked about the importance of data security, all will explain how serious they take protecting subscribers' personally identifiable information (PII). However, many seem to place security below the line when looking at their email programme investment. Financial services firms seem to be the only exception to this rule. Underestimating the importance of data security within the email channel can be a huge liability. Now, more than ever, email marketers must establish a level of trust with subscribers.

Email alternatives (the social web, mobile applications, and communities) are rampant, and consumers are constantly reconsidering the best way to interact with brands. Email marketers must also realise that most sophisticated programmes use a material amount of PII in campaign execution. PII is defined as information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. Email address alone is categorised as a digital identifier and considered PII. Add to that everything from browsing behaviour to transaction history, and an email database can quickly become home to significant amounts of PII.

Given the amount of press on the topic in recent months, it is critical for email marketers to take a close look at how data security, and the related trust between brand and subscriber, is prioritised within programme management.

Email marketers (and the companies that support them) should not panic at the recent security issues facing the industry. In general, email marketers have done a good job protecting the subscription and preference data that forms the basis of the permission marketing channel. That said, with the renewed scrutiny that is bound to follow cases such as the security breach at Epsilon, there are a few things that all brands should consider immediately.

Risk assessment

Like anything else, investment in security around email data should be based on the corresponding risks around data loss and illegal access. All brands, regardless of size, risk consumer mistrust and list attrition in the event of a data loss. This means that brands relying on email for top-line revenue must take data security seriously. In addition, large brands often find themselves susceptible to litigation as consumers and activists groups seek to take advantage of "deep pockets" via the courts. These companies should take extra precautions against data vulnerability. Finally, there are serious legal consequences to specific industries like financial services if PII is not kept safe. Companies in these industries should be extremely careful and in some cases consider ‘insourcing’ as the most appropriate option.

Ask information technology for an audit

Most large firms in Europe and the United States take data security seriously. In fact, there are often individuals and entire departments tasked with keeping consumer information secure. These teams tend to focus on internal systems that are deployed within the corporation's firewalls. Any new service or solution deployed internally for the business should be approved by the IT security teams. This is a double-edged sword. The additional scrutiny results in more secure data, but the price of increased security can be delayed time to market. This issue becomes very complex in the email marketing space as many brands leverage software-as-a-service offerings to create, deploy, and track email communications.

Email marketing owners within a brand should invite their internal IT teams to meet with their service providers and apply the same strict guidelines to the ESP as they do to internally-deployed technologies. To put a fine point on it, according to a survey conducted by the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA), 70 percent of compliance professionals feel that their organisations are well or very well prepared to fend off malicious hacker attacks; however, their confidence wanes significantly when assessing other data breach threats. For example, 41 percent felt it was very or somewhat likely that an accidental breach could occur by third-party vendors. Internal IT teams can help the email marketer and their vendors feel more secure.

Third-party audits

For those brands where compliance or other factors require a serious commitment to data security, they should consider investing in penetration testing (PEN testing) via third-party solution providers. Consulting firms like ISEC Partners will deliver resources and expertise that many brands do not have internally. These third parties can help in the solution design process, making sure that brands not only understand potential security weaknesses but also how to minimise them.

The simple fact is that all systems are susceptible to malicious attacks. As advanced email marketers, it is our responsibility to minimise the chances the "attackers" have when targeting our systems. In the wake of recent events, take a look at your email technology and the data it connects to and ask yourself to what degree system security was audited by your internal teams or third parties. If the answer is unclear, prioritise a security review today.

About the author

Ryan Deutsch is vice president of Strategic Services. An online marketing veteran and industry thought leader, Ryan has more than 12 years of direct marketing experience across the catalog, retail and publishing industries. In addition to a bi-weekly MediaPost column, Deutsch is a regular contributor to multiple industry publications, including DM News, BtoB Magazine, and Chief Marketer. Ryan has been and remains a frequent speaker at industry events, including the DMA Annual, eTail, ad:tech and the MediaPost Email Insider Summit.

Most recently, Ryan served as vice president of marketing automation at Premiere Global Services, a global outsource provider of email and business process solutions. In that role, he was instrumental in brokering customer relationships with numerous global brands. Previously, Ryan was vice president of sales and marketing for Twelve Horses North America, where he was responsible for its email marketing suite of products. Additionally, as vice president of SpringDot, Inc., he managed key account relationships and oversaw operations of the Cincinnati-based commercial print and email provider. Ryan holds a BS in accounting from Indiana University.

About StrongMail Systems, Inc.

StrongMail enables marketers to forge meaningful, profitable and long-lasting connections with their customers through email marketing and social media. StrongMail's dedicated solutions offer low cost of ownership of any tier-one solution and easily connect with customer data for superior relevancy and performance. StrongMail’s email and social CRM agency provides strategic and creative services to help marketers listen, learn, engage and influence best customers. Learn more at www.strongmail.com or via the links below.

Newsletters: www.strongmail.com/site/subscribe/

Facebook: www.facebook.com/StrongMail

Twitter: www.twitter.com/StrongMail

Blogs: www.strongmail.com/resources/blogs/