Research conducted on behalf of marketing email firm StrongMail
found that 61% of marketing workers and 43% of data protection
workers had experienced personal data breaches. The survey was
conducted amongst 900 workers in those two fields.
Only 10% of the people surveyed reported that any breach had
been notified to privacy authorities. There is no legal requirement
for data breaches to be disclosed, though a number of US states
have laws demanding such disclosure.
Over two thirds of the marketing workers believed that the
incident resulted in the loss of customers for the firm responsible
for the breach.
Half of the workers believed that the breaches were connected to
the outsourcing of work to third parties such as vendors, business
partners or contractors. The research found that 78% of marketers
who outsource their email marketing had suffered breaches.
"A cavalier attitude towards outsourcing customer data to third
parties combined with complacent processes for keeping that data
safe is a recipe for disaster," said Paul Bates, managing director
of StrongMail in the UK. "The fact is confidential customer data
doesn't travel well and providing it to third parties for outbound
marketing purposes can, as the research shows, be a risky
proposition."
The survey also found that a quarter of marketers are not even
sure whether or not their firm's practices are within the laws and
regulations on data protection and privacy. It did find, though,
that 87% of data protection workers believed their firm operated
within those laws.
On the more general question of whether their companies'
marketing programmes violate customers' privacy rights, a third of
data protection workers and more than half of marketers said they
were unsure whether or not the programmes violated privacy
rights.
Report author Larry Ponemon said, though, that many companies
seem prepared to tackle the problem by calling a halt to the
outsourcing of email campaigns.
"Although 60% of UK marketers outsource their email marketing
today, 65% of marketers would consider in-sourcing their email
marketing campaigns to ensure greater protection over personal
data," he said. "The message is, albeit slowly, getting home."
The issue of personal information security breaches has become
increasingly sensitive in the aftermath of HM Revenue and Customs'
loss of 25 million people's personal data last year.
By the end of April this year the Information Commissioner's
Office said that it had been notified of 94 privacy breaches since
the HMRC debacle the previous November, 62 of them in the public
sector.
Last week four reports on the HMRC breach were published which
criticised the data security policies of HMRC and outlined ways in
which public sector data security could be improved.
