Data Security: How to Market Your Data-Security Measures

Traditionally, data security has been a back-office risk management concern. Today, whether you’re marketing to consumers or businesses, security is a top-of-mind concern that can differentiate your product or service from the competition.

Breach notification laws such as California S.B. 1386 have ensured a steady stream of headlines over the last year, and consumers and businesses have begun to take note. According to the “2005 EDS Financial Services Privacy and Customer Relationship Management Survey,” 59 percent of consumers said financial institutions could further gain their trust by providing ongoing information on measures taken to improve security.

What if you aren’t a financial institution? The Conference Board reported that 13 percent of all Internet users say they or members of their households have been a victim of identity theft. More than half say their level of concern has grown over the past year. More notably, consumers are translating this concern into action -- 54 percent now opt out of special offers and 41 percent purchase less online. Still wondering how this applies to you? If you collect personally identifiable information about your customers such as Social Security numbers, credit card information, date of birth or credit history in the process of providing your product or service, a significant percentage of your customers are concerned about their data and need to be assured that it’s safe.

Consumers aren’t the only ones who care about data security. Financial institutions, health care organizations and retailers all are required to impose contractual security requirements on their suppliers and monitor their security measures on an ongoing basis, particularly those suppliers with access to sensitive data. Other industries also are starting to follow this practice. Data security can become a significant objection and delay sales cycles as your internal customer is pushed aside by the risk management manager or Health Insurance Portability and Accountability Act (HIPAA) compliance officer who wants to ensure your solution doesn’t pose an unacceptable risk.

What are some effective approaches for marketing security? If you outsource your security to a credible third-party managed security service provider, you’re ahead of the game. Your security partner should provide a wealth of material to include in marketing collateral, FAQs, Webinars, mailers -- whatever your marketing communications strategy dictates. If security exclusively is performed in house, consider getting a third-party assessment. You already may have one. This third-party assessment can form the basis of your message: You take security seriously, have a well-run security program and have the third-party assessment to prove your claims.

Next, consider how to integrate data security messaging into the sales process. In general, a good marketing strategy should consist of proactively presented materials for the curious and concerned customer, and reactive materials that your sales reps can use to respond to objections. You even may want to prominently feature data security as a key differentiator and an important reason to do business with your firm over your competitors.

Finally, exercise sound business judgment. Beware of promotional language such as, “We utilize state-of-the-art security technology,” or “We encrypt your data at all times.” I’ve seen companies that feature both statements on their Web sites. These types of claims are a lawsuit waiting to happen and are a tempting challenge for hackers. The Federal Trade Commission considers it a “deceptive trade practice” to publish claims about your security program that are not substantiated by your actual practices. Instead focus on what you do to secure your customers’ data. Do you follow well-known security standards such as ISO 17799 and COBIT? If you accept credit cards, do you follow the Payment Card Industry (PCI) Data Security Standard? Have you been audited against any of the above standards? If so, can the auditor provide a brief statement you can use?

Will data security turn out to be a fad? Will public concern diminish during 2006? Right now, the trends are all pointing in the other direction. Crime rates continue to climb, and more importantly, more states than ever now have notification laws. In 2005 alone, 22 states passed data breach notification laws. This should significantly increase the number of incidents reported by the media, and more media attention will generate more concern. Marketers could very well look back on 2006 as the year data security became a prominent feature.

J. Chris Noell is the vice president of marketing at Solutionary. He can be reached at cnoell@solutionary.com.