Cybercriminals broke into the computer systems at BJ’s Wholesale Club and stole customer data. As a result, BJ’s faces about $13 million in private claims. And in its settlement with the Federal Trade Commission, BJ’s must submit to outside security audits for the next 20 years.
Fraud costs the retail industry an estimated $1.5 billion annually, according to the National Retail Federation.
Think technology will come to your rescue? Think again. In 2004, the Carnegie Mellon University CERT Coordination Center tracked 3,780 new computer security vulnerabilities, up from just 171 in 1995. The problem is getting worse, even with all of the security measures that industry and consumers are taking.
Think the issue of data security won’t hurt your bottom line? A recent consumer survey done by Privacy & American Business and Deloitte & Touche found that 64 percent of respondents have, at some point, not made a purchase due to privacy concerns, and 67 percent said they didn’t register on, or buy merchandise from, a Web site because of security concerns.
Think you’re safe behind a corporate shield? Not if the Personal Data Privacy and Security Act of 2005 is passed. In this Senate bill introduced in June, company executives who don’t notify consumers in the event of a security breach at their companies would face penalties and possible jail time.
Yes, folks: Jail time.
These are scary days. Data are being carelessly shot around the globe by banks, credit card companies and marketers. I’m sorry if the word “carelessly” rankles some readers, but what other conclusion could one make when almost every day brings news of yet another data security breach?
Here’s what to do: March into your IT manager’s office and ask what he or she is doing to protect your customers’ personal data. Don’t accept the answer: “Everything’s fine. Don’t worry.”
Worry.
Better yet, do what Limited Brands has done. It assigned a team that includes personnel from IT, information security, customer service, human resources, legal (internal and external), marketing and internal auditing. “Everything the team does is to protect customer data and privacy,” Paul Jones, Limited’s chief security officer and senior vice president of loss prevention and global security, told Information Week.
Make your employees accountable for data security. For example, make “protecting customers’ information” a line item on employees’ reviews. And make yourself accountable. Don’t wait for the feds to come knocking on your door because some hacker punk figured out your system’s vulnerabilities and walked away with your most valuable corporate asset: your customers’ trust.
- People:
- BJ
- Donna Loyle