Data Security

In the IndustryEye section of this issue on pgs. 12-13, you’ll find our second quarterly Catalog Success Latest Trends Report, a benchmarking survey we conducted in late November in partnership with the multichannel ad agency Ovation Marketing. This one focuses on key catalog/multichannel issues, and we’ve included most of the charts there, so I encourage you to take a look. You’ll be able to find some charts only on our Web site due to magazine space limitations. We also didn’t have the space to include the numerous comments that you — our readers and survey respondents — wrote in response to two of the questions.

The number of consumers willing to provide demographic information in exchange for a personalized online experience increased 24 percent this year over 2005 to a total of 57 percent, according to a recent survey by multichannel personalization provider ChoiceStream. However, 62 percent of respondents still express concern about the security of their personal data online. The survey also showed that 30 percent of online consumers are members of social networking sites, such as MySpace. Broken down by age, however, 69 percent of online consumers ages 18 to 24 participate in social networking sites, while just 8 percent of consumers older than 50 do so.

It’s no secret that customer data is the lifeblood of the catalog and direct marketing industry. But the very fact that you deal in so much data has become the stuff of nightmares for those consumers who fear their information may be improperly used, lost or stolen. David Holtzman, former security analyst and author of “Privacy Lost: How Technology is Endangering Your Privacy,” offers the following four commandments of privacy that will help you allay the fears of your customers and be good stewards of the information you collect. 1. Thou shall not spy on me just because you can. There’s no reason to

In this era of security breaches made public, you can’t be too careful when it comes to protecting your company’s sensitive data. Sure, you may be trying to secure your company’s data against external sources, but are you doing anything to protect that data from internal threats? Computer Associates, an IT management software provider, offers the following “do’s and don’ts” to keep sensitive data safe from potential disastrous inside threats. 1. DO ensure that former employee and contractor accounts are deleted or disabled promptly. Your IT and HR departments should coordinate efforts to keep old accounts from accessing sensitive company information. 2. DON’T allow IT staff

Traditionally, data security has been a back-office risk management concern. Today, whether you’re marketing to consumers or businesses, security is a top-of-mind concern that can differentiate your product or service from the competition. Breach notification laws such as California S.B. 1386 have ensured a steady stream of headlines over the last year, and consumers and businesses have begun to take note. According to the “2005 EDS Financial Services Privacy and Customer Relationship Management Survey,” 59 percent of consumers said financial institutions could further gain their trust by providing ongoing information on measures taken to improve security. What if you aren’t a financial institution? The Conference Board

Identity theft represented 37 percent of all fraud complaints filed in 2005, according to a report released by the Federal Trade Commission (FTC). Credit card fraud was the most common form of reported identity theft, and 46 percent of all complaints were Internet-related, noted the agency. Other top fraud categories included: ¥ Shop-at-home/catalog sales: 8 percent ¥ Prizes, sweepstakes and lotteries: 7 percent ¥ Internet services and computer complaints: 5 percent Source: The FTC’s “Consumer Fraud and Identity Theft Complaint Data” report, http://www.consumer.gov/sentinel/pubs/top10fraud2005.pdf

The security of your customers’ and employees’ personal data isn’t something to take lightly these days, so take the time to re-evaluate your security measures in the new year. Consider the following security guidelines for controlling access to information residing on data storage devices, offered by online nonprofit privacy organization TRUSTe in its recently revised white paper “TRUSTe Security Guidelines 2.0.” 1. Use a unique identification or user name for all system users. Ensure that Social Security or account numbers aren’t used as identification or user names. 2. Establish a password usage policy. This policy should require employees to create passwords using a minimum

The ongoing threats of spam, identity theft and data security breaches hang heavily in the air at the close of 2005. Headlines detailing these dangers have made sure your customers are more aware than ever of the perils of buying online. In fact, 48 percent of Americans avoid making purchases on the Internet because they’re afraid their financial information may be stolen, according to a survey conducted earlier this year by the Cyber Security Industry Alliance. So what’s a responsible online merchant to do? Following are tips to not only ensure your Web site adequately handles customers’ data, but also make it undeniably

The number of worldwide computer virus infections jumped 22 percent from Q1 to Q2 this year, according to the recently released “Trend Micro Q2 Virus Roundup.” Other data revealed by the study: ¥ North America leads the world in infections, with 6.2 million reported in Q2. ¥ Asia comes in a distant second, with about 2 million reported infections in Q2. ¥ Europe reported 1.8 million infections in Q2. ¥ Worldwide infections were down 16 percent from Q1 2004 to Q1 2005. Source: “Trend Micro Q2 Virus Roundup,” http://www.trendmicro.com/en/security/white-papers/overview.htm.

Consumers who’ve been notified that their personally identifiable information (PII) had been compromised are more than upset -- 59 percent of them either consider terminating or actually terminate their relationships with the offending corporations, according to a new consumer study sponsored by law firm White& Case. The survey, conducted by the respected privacy research organization Ponemon Institute, asked 10,000 adults what actions they took after their PII was mishandled: ¥ 58 percent said the breach decreased their sense of trust and confidence in the organization reporting the incident; ¥ 52 percent said the breach notices they received were difficult to understand; ¥ 40 percent