Marketing News & Strategy

The CMO's Guide to Data Security

Four Things CMOs Can Do to Protect Data Privacy
By Kate Kaye. Published on April 15, 2014.
READ THIS NEXT   
DTC marketing news and trends—tracking the industry ups and downs

WHAT A CMO CAN DO
TO PROTECT DATA PRIVACY
Take inventory

Data-security profes-sionals recommend that companies take stock of what data they store and man-age, whether it be proprietary opera-tional information or CRM data. Where is it and who has access to it?

Be prepared

Sophisticated brands must rally key stakehold-ers representing legal, human resources, IT or security departments, global communications, the digital team—and, yes, the marketing depart-ment—to craft a data-breach-response plan.

Test the plan

Today, dealing with a data breach is about more than just reacting. Firms must test breach-response plans the same way they would practice emergency exits during an office fire drill. That means giving individuals ownership of specific steps in the process, such as consumer notification.

Re-evaluate vendor and third-party contracts

According to reports, the Target breach occurred when a hacker tapped into the system using a refrigeration contractor's credentials. The PwC report noted more than 40% of companies sus-tained a breach caused by a third party. That means marketers and legal execs should revisit contracts with analytics and ad-tech firms, mar-keting-services partners and data-management companies.

Data-security events in the modern era could be categorized as "Before Target" and "After Target." The effects of the company's late-2013 data breach of as many as 110 million consumer records and credit-card numbers continues to ripple -- even reaching marketing departments across the country.

The Target breach and subsequent media coverage "put some wind in the sails" of a previously-backburner cyber-security-task-force initiative at Estée Lauder Cos., said Teena Lee, VP-privacy and e-commerce counsel at the beauty firm. "The conversation now is getting a little bit more organized."

Lately when people at Estée Lauder are developing a new branded mobile app or implementing an
e-commerce program, data security and privacy concerns are top of mind. That means more work for Ms. Lee and her staff. "Now I'm actually one of the first calls," she said.

Estée Lauder's Global Information Systems team vets vendor security, added Ms. Lee. "I tap into my partners in GIS Risk, saying, 'We've got this thing getting built. I need you to vet the vendor from a data-security perspective and advise on anything we need to add to the program to make this secure.' "

A variety of culprits can be responsible for a data-security breach: anti-corporate activist hackers, organized criminals, groups backed by adversarial nation states seeking trade secrets -- and perhaps most surprising -- a company's own employees.

One data breach can cost an average of $500,000 for a U.S. corporation, according to a 2013 PwC study. On top of that, not only is a company's stock price destined to drop, but brand reputation is damaged and customers become wary. PwC reported customer churn rises almost 4% as a result of data breaches.

"What has very carefully and strategically been built, all of that can be unraveled very quickly in the context of a data breach that hits newspapers," said Emily Stapf, director of forensic technology at PwC. Corporations victimized by a data breach typically employ forensic services to uncover the causes of a data leak.

Historically, companies have placed data security under the purview of their IT and legal execs. In today's post-Target environment, security conversations have climbed their way to the boardroom. Now brand-conscious CMOs and other marketing execs want a seat at the data-protection table, too.

"This is part and parcel with putting together a marketing program," said Ms. Lee regarding global data security at Estée Lauder. "It's not a foreign concept for people here."

"We have actually had compliance where the marketers have asked to look at privacy through their lens," said Carolyn Holcomb, partner and leader of PwC's data-protection and -privacy practice. "In the past we have not seen a lot of marketing execs in this area on the proactive side."

In this article:

Thumbnail
Kate Kaye

Kate Kaye covers the data industry for Advertising Age and is the main contributor to the Ad Age DataWorks section. Before joining Ad Age in November 2012, Kate worked as a writer and reporter covering the digital marketing industry since 2000, focusing on beats including data-driven targeting, privacy, and government regulation. Kate helped cultivate the online political campaign beat, and in 2009 wrote "Campaign '08 A Turning Point for Digital Media," a book about the digital media efforts of the 2008 presidential campaigns. Before joining Ad Age, Kate was managing editor of ClickZ News, where she worked for nearly 7 years.

Follow View all articles by this author
Most Popular

WHAT TO READ NEXT

DTC marketing news and trends—tracking the industry ups and downs

DTC marketing news and trends—tracking the industry ups and downs
Spotify is laying off 17% of its workforce, its third wave of cuts this year

Spotify is laying off 17% of its workforce, its third wave of cuts this year
How The North Face turned a viral TikTok customer complaint into a marketing win

How The North Face turned a viral TikTok customer complaint into a marketing win
Home Depot highlights trade labor gap in new campaign

Home Depot highlights trade labor gap in new campaign
Gen Z roundtable on shopping—watch and submit your questions here

Gen Z roundtable on shopping—watch and submit your questions here
Marketing winners and losers of the week

Marketing winners and losers of the week
Amazon revives a ’90s holiday campaign, inspired by the ’60s, for 2023

Amazon revives a ’90s holiday campaign, inspired by the ’60s, for 2023
McDonald's secretive new restaurant CosMc's set to open

McDonald's secretive new restaurant CosMc's set to open