Data is arguably the hottest commodity in marketing, which makes it a tempting target for bad actors. But it's not just Eastern European hacking networks that companies have to worry about. Marketers are also increasingly facing questions about how to keep other countries and even competitors out of their data troves.
Data breaches in recent years have affected companies ranging from Target and T-Mobile to Anthem and Staples. In 2015 alone, through Oct. 20, the Identity Theft Resource Center has tabulated 620 reports of data breaches affecting more than 175 million consumer records. So it's not surprising that marketers are more and more vigilant about hackers.
At a CMO session during the Association of National Advertisers Masters of Marketing conference earlier this month, some marketers were willing to share, at least in broad strokes, what they're doing to prevent data theft.
Jerri DeVard, senior VP-chief marketing officer of ADT Corp., said the security provider sends its own employees emails that are designed to mimic outsiders' phishing messages, to see who will click and earn a talking-to.
Ms. DeVard said she even suggested trying a system where if someone clicks on a link they shouldn't click on, they're shut out of the system and need to call IT to get back in. "That will teach them to be very, very careful about what they click on," she said during the session. At the same time, ADT limits access to sensitive information internally, and has third-party providers test the company's compliance with data safeguards.
John Costello, president of global marketing and innovation at Dunkin' Brands, said his company regularly attacks its system from the outside. Each week, security is reviewed at the CEO's weekly staff meeting, he said. "I think the bad folks out there have realized that there's a lot of power to getting into systems, and I think you need to continue to upgrade it because the criminals are getting more sophisticated every month as well," said Mr. Costello, who also serves as global chairman of the Mobile Marketing Association.
Despite having one of the largest data troves anywhere, Walmart has so far avoided a major breach, outside of possible involvement with other retailers victimized by a hack of data from a photo processing contractor in Canada.
At least symbolically, the retailer's commitment to data security is evident at the Walmart North Data Facility-a fortress-like 125,000-square-foot compound built largely into the earth and surrounded by a razor-wire fence in the Ozark foothills on Bear Hollow Road near Pineville, Mo., 15 miles north of headquarters in Bentonville, Ark.
Variously called "the data bunker," or "Area 71," it's far from a secret-though one supplier executive noted being followed by a Walmart security car after he drove by to observe construction years ago. It's become legend, including fodder for a YouTube video from a drone flyover earlier this year.
It isn't just drone pilots and identity thieves on the prowl, however. Allegations of Chinese government involvement in hacking to acquire data from U.S. companies have been constant in recent years, even after an agreement between the U.S. and China on thttps://www.youtube.com/watch?v=1z5jJ66F1ykhe issue last month.
But reports of marketers actually hacking other marketers for data remain rare.
A 2001 case in which Unilever alleged spying by Procter & Gamble was an entirely analog affair and involved no electronic intrusions, according to people familiar with the matter. Oracle and SAP last year settled after seven years of litigation over allegations that the latter improperly downloaded files from the former. And part of the Ashley Madison data-breach controversy earlier this year included leaked emails indicating the CEO and chief technology officer discussed hacking rival sites, including discussion of a member roster already obtained from one intrusion.
Aside from the legalities, such things are widely considered bad form. One marketer executive recently recounted averting his eyes from the laptop of a rival-company executive on a flight to Bentonville.
But marketers are also concerned about rivals getting, or at least receiving benefit from, data shared voluntarily. In the same ANA panel, Mr. Costello said, "We've had companies offer to build our mobile app for free if they could have access to the data, and that was pretty enticing, because it was a big investment. And we said no."
In general, he said Dunkin' weighs the risk of sharing data vs. the reward. "If we're trying to get industry benchmarks we need to share that data. If it's part of measuring the ROI of marketing or product development, we don't share it."
One reason some companies such as P&G, Unilever and Kellogg Co. either have built private programmatic trading desks or proprietary versions run by their agencies is to avoid letting their data, or analysis of it, help rivals. Unilever VP-Global Media Rob Master said one reason the company built a proprietary digital trading system with Mindshare was to keep what it learns in house.
Despite its big data hoard, even Walmart relented on a policy to limit sharing sales data with suppliers and syndicators in 2011 after a 10-year withdrawal from industry data sharing. The retailer found it could benefit from sharing, since it got access to better competitive pricing and performance data in return through Nielsen.
Still, Starcom USA CEO Lisa Donohue, speaking on the ANA panel, said she is puzzled by marketer willingness to share data in some cases, but not others. "On the agency side, there will be a lot of discussion about competitive conflict," she said. "And then I have watched people turn over reams of data, including cost data, because it's Google and it's an ad-tech company."
Contributing: Jessica Wohl