Preventing data loss

When the HMRC lost disks containing the personal and financial data of millions of taxpayers last year, many organisations were forced to take a critical look at their own data security procedures. Despite this, an “alarming number” of security breaches continue to be reported to the Information Commissioner’s Office (ICO), indicating that businesses still have a long way to go in cleaning up their collective act. But what implications does this have for B2B marketers, for whom data is crucial?

Because the majority of data security breaches come about through loss of personal information, it can be easy to overlook fraud that may come about as a result of “lost” business information.

Yet according to Christine Andrews, director of DQM Group, it is still an issue in the B2B world. “About a year ago a couple of directors of a major construction company left, taking its customer database with them. They were found out and the individuals concerned ended up with suspended jail sentences and damages were awarded to the company. Employees wandering off with company data is probably the main data security issue in B2B,” she says.

The problem though, adds Andrews, is that many people don’t view stealing from a business as theft. “People will wander off with strategy papers without giving it a second thought,” she says. “And further down the chain, there is the danger that disillusioned sales staff could easily be swayed to steal data for a competitor.”

Changing attitudes

There needs, she says, to be a change in attitude to combat this ‘laissez faire’ approach to business data. It’s imperative for management to work with their IT teams to make sure data is kept secure and to ensure the processes are in place to filter down to all staff, so that they understand the value and importance of the data held. Andrews adds, “Only last week I was in a meeting with a large data owner, discussing how the onus on data management has shifted from the IT department to the senior management. Because of cases like HMRC, concerns over how data is tracked and used are now being expressed much more at the board level.”

How the law actually applies to the misuse of business data is not entirely clear cut. The Data Protection Act of 1998 stipulates that personal information must not be misused, yet B2B data is not generally considered to constitute personal information. But, warns the ICO, which in May was granted new enforcement powers allowing it to prosecute security breach offenders, any organisation passing on email addresses fraudulently is eligible for investigation – a fact that B2B marketers should at least be aware of.

“The ICO’s lack of effective enforcement powers [before] meant that organisations were not taking their data protection responsibilities seriously” says James Milligan, legal advisor at the DMA. “The new enforcement powers will allow the ICO to issue a monetary penalty notice in the case of serious breaches of the data protection principles listed in the 1998 Act, where the organisation has been deliberately or recklessly negligent.

“This is good news and will force organisations to look at how they handle personal information and tighten up their policies and procedures where necessary.”

Don’t get caught short

Whilst it appears that B2B companies don’t generally involve themselves in the use of or passing on of fraudulent data, the general consensus is that practitioners can still inadvertently end upon the wrong side of the law. Consider the following to keep yourself on its right side:

1. Monitor your staff

If your sales staff have access to sensitive data, make sure they treat it with care. Last year, Salesforce.com was caught off guard when one of its employees innocently handed over a company password to spammers, which led to a customer contact list being copied. That particular breach was quickly spotted and sorted but, says Jon Pope, chief operating officer at Information Arts, to make sure that it doesn’t happen in the first place companies must train and monitor staff who have access to data. “There is plenty that you can do internally to prevent data escaping into the wrong hands,” he says. “Restrict access to customer databases to those that absolutely need to be able to see it and make sure staff are trained in the first place not to leave themselves open to abuse from spammers.”

2. Know your purchase terms

B2B marketers might also find themselves in a hot spot if they use rented or leased third party data more times than stipulated in an agreement. This, says Nigel Bennett, director at Market Location, is not that difficult to do by accident either. “Many people are ignorant about the conditions of data purchase,” he says.

“Brands often buy single-use data but continue using it time and time again, without realising they are breaking the terms of purchase. The terms data providers use vary massively, so it is little wonder that users cross the boundaries.”

3. Outsource sensibly

Marketers should remember that laws concerning data privacy and security vary from country to country – an essential consideration to make if you are going to outsource your database management to a third party overseas.

“You must ensure that the company you are partnering with – offshore or at home – takes data security seriously and fully understands the regulations that affect your business,” says Mike Howse, European MD of Protegrity. “Find out how your partners approach data and network security and risk. What type of encryption software do they use to protect data? Is data encrypted at all stages of its lifecycle, at capture, in transit and at rest, as it should be? Are their systems audited regularly, and by whom?”

4. Audit regularly

Data auditing is particularly key, according to Andrews. She says that whilst large data organisations that distribute data for resale carry out regular audits, few other companies that outsource their data bother, despite the fact doing so can highlight potential problems before they get out of hand.

“People just see an audit as paying for hundreds of days of people crawling all over their organisation, so it’s hard to quantify the real benefits, which are essentially protecting your brand and making sure you don’t end up in jail for a security breach,” Andrews says.

B2B is “self-policing”

For B2B brands looking to make sure they stay on the right side of the law, the steps they can take are pretty black and white; audit, encrypt, train staff and make sure you know your data supplier agreement inside out. But would it help if B2B practitioners had access to a set of guidelines to help them through the mire of red tape that seems to surround the issue of data security?

“The problem with more regulation is that although it’s easy to regulate against severe or blatant breaches of the law, to rule over every minute detail will smother B2B marketing, putting practitioners off for fear of accidental breaches and wasting time and money bringing these cases to court,” says Ray Welsh, sales and marketing director of Mailtrack. “If we are honest, B2B marketers tend to be more self policing, as they have more to lose than unscrupulous B2C spammers.”

But for some, the practice of B2B marketing may not remain quite so unscrupulous forever, with some predicting a that potential grey area concerning use of business data could soon emerge. As the data protection laws become more stringent, Pope says that companies may start looking to purchase business contact lists to target consumers in the workplace. “People could start getting targeted with personal offerings based on a certain role that they do or their interests. This could end up becoming a grey area that marketers will have to be careful they don’t abuse,” he warns.

For now though, it seems that brand damage ultimately does remain the biggest incentive for B2B marketers to handle their customer data with the utmost care. “At the end of the day it’s important to remember with a business database you are still holding information about individuals – marketers must treat data how they would want theirs to be treated,” says Emma Dunstone, marketing director at Secerno. “It’s simple, if you protect your data, you’ll protect your brand.”

It is clear that businesses don’t always understand the risks associated with sensitive data – systems fail, users accidentally delete files, viruses attack every day, natural disasters occur and mistakes happen. Throughout, businesses could lose critical data.

One of the most important questions marketing professionals need to ask IT management is, “What is my data recovery plan?” and encourage them to implement three processes to ensure the safety of their data before it’s too late:

1. Storage – protect valuable data by making sure important information is stored in a designated, secure storage system rather than on a PC under someone’s desk that could fail at any time.

2. Backing – protect data by making sure it is backed-up efficiently and properly without any errors to ensure it can be recovered. Tape back-up systems are not an efficient way to achieve this.

3. Encrypt – make sure that valuable and important data cannot be accessed by unauthorised persons.

 

Related content

Access full article

B2B strategies. B2B skills.
B2B growth.

Propolis helps B2B marketers confidently build the right strategies and skills to drive growth and prove their impact.