Data Security

Even though retail executives recognize the growing and continued importance of information security to their organizations and customers, they've been holding back on increasing information security investments, according to the 2011 Global State of Information Security Survey.

Over the past few months, we at Catalog Success have been hard at work to further develop a hefty well of research data for our readers. In October we launched the Catalog Success Latest Trends Report, a quarterly series of original benchmarking research we’ve been conducting with the multichannel ad agency Ovation Marketing. In the coming months, we’ll also be running a series of mail volume charts provided by several catalog co-op databases. Like the Latest Trends surveys, these will run in the IndustryEye section of our print magazine. And for the past year or so, we’ve been running a regular reader poll.

It’s been nearly 10 years since the Direct Marketing Association (DMA) began requiring all members to follow its Privacy Promise. In 1998, faced with mounting concerns from legislators, advocates and consumers, we unveiled this self-regulatory initiative and aggressively enforced it. Since then, we’ve seen regulators and legislators impose restrictions affecting certain direct marketing sectors, specifically teleservices, health care and financial services, as well as those who market to children or adults online. But the self-regulation put in place years ago has served the mailing industry well. Now it’s time to take that to the next level. At the beginning of my lengthy career in

In the IndustryEye section of this issue on pgs. 12-13, you’ll find our second quarterly Catalog Success Latest Trends Report, a benchmarking survey we conducted in late November in partnership with the multichannel ad agency Ovation Marketing. This one focuses on key catalog/multichannel issues, and we’ve included most of the charts there, so I encourage you to take a look. You’ll be able to find some charts only on our Web site due to magazine space limitations. We also didn’t have the space to include the numerous comments that you — our readers and survey respondents — wrote in response to two of the questions.

The number of consumers willing to provide demographic information in exchange for a personalized online experience increased 24 percent this year over 2005 to a total of 57 percent, according to a recent survey by multichannel personalization provider ChoiceStream. However, 62 percent of respondents still express concern about the security of their personal data online. The survey also showed that 30 percent of online consumers are members of social networking sites, such as MySpace. Broken down by age, however, 69 percent of online consumers ages 18 to 24 participate in social networking sites, while just 8 percent of consumers older than 50 do so.

It’s no secret that customer data is the lifeblood of the catalog and direct marketing industry. But the very fact that you deal in so much data has become the stuff of nightmares for those consumers who fear their information may be improperly used, lost or stolen. David Holtzman, former security analyst and author of “Privacy Lost: How Technology is Endangering Your Privacy,” offers the following four commandments of privacy that will help you allay the fears of your customers and be good stewards of the information you collect. 1. Thou shall not spy on me just because you can. There’s no reason to

In this era of security breaches made public, you can’t be too careful when it comes to protecting your company’s sensitive data. Sure, you may be trying to secure your company’s data against external sources, but are you doing anything to protect that data from internal threats? Computer Associates, an IT management software provider, offers the following “do’s and don’ts” to keep sensitive data safe from potential disastrous inside threats. 1. DO ensure that former employee and contractor accounts are deleted or disabled promptly. Your IT and HR departments should coordinate efforts to keep old accounts from accessing sensitive company information. 2. DON’T allow IT staff

Traditionally, data security has been a back-office risk management concern. Today, whether you’re marketing to consumers or businesses, security is a top-of-mind concern that can differentiate your product or service from the competition. Breach notification laws such as California S.B. 1386 have ensured a steady stream of headlines over the last year, and consumers and businesses have begun to take note. According to the “2005 EDS Financial Services Privacy and Customer Relationship Management Survey,” 59 percent of consumers said financial institutions could further gain their trust by providing ongoing information on measures taken to improve security. What if you aren’t a financial institution? The Conference Board

Identity theft represented 37 percent of all fraud complaints filed in 2005, according to a report released by the Federal Trade Commission (FTC). Credit card fraud was the most common form of reported identity theft, and 46 percent of all complaints were Internet-related, noted the agency. Other top fraud categories included: ¥ Shop-at-home/catalog sales: 8 percent ¥ Prizes, sweepstakes and lotteries: 7 percent ¥ Internet services and computer complaints: 5 percent Source: The FTC’s “Consumer Fraud and Identity Theft Complaint Data” report, http://www.consumer.gov/sentinel/pubs/top10fraud2005.pdf

The security of your customers’ and employees’ personal data isn’t something to take lightly these days, so take the time to re-evaluate your security measures in the new year. Consider the following security guidelines for controlling access to information residing on data storage devices, offered by online nonprofit privacy organization TRUSTe in its recently revised white paper “TRUSTe Security Guidelines 2.0.” 1. Use a unique identification or user name for all system users. Ensure that Social Security or account numbers aren’t used as identification or user names. 2. Establish a password usage policy. This policy should require employees to create passwords using a minimum