I recently received a letter from a large health insurance company. Not my current provider, mind you. One that covered my health care many years ago. In fact, I almost recycled the envelope without reading it, since I assumed they were just trying to get my business back. However, I decided to open it on the off chance it was something important.
Turns out it was. According to the letter, because of a data breach caused by a “sophisticated cyber attack,” my personal information may have been accessed. Everything from my name and date of birth to my social security number and bank account numbers. Yikes!
There wasn’t much more information than that, other than the fact that I was eligible for free credit reporting for two years. Gee, thanks! I’m not going to bother, since I’m pretty sure I still have credit reporting in place in because of the last cyberattack about a year ago, from a large retailer. It seems like these sorts of data breaches are happening every day. That’s because they are.
Even the U.S. government is under siege. An attack hit the news in June, this time involving hackers with ties to China (with the name, I kid you not, “Deep Panda”) who accessed federal security clearance forms containing sensitive information about intelligence and military personnel. And the federal Office of Personnel Management announced July 9th that personal data on 21.5 million individuals was compromised by the hack of the agency’s background investigation database. No one is safe, it seems.
What’s going on here? And why do these security breaches matter so much? For marketers, the problem is threefold.
- First, it’s personal: our own data is at risk.
- Second, our customers’ data is at risk.
- And, lastly, because our customers’ data is at risk, our brand’s reputation is on the line.
The first line of defense is to keep our customer’s data as safe as possible. In some cases, that means getting rid of it in a documented, defensible way.
The Data Dilemma
One of the reasons this situation has been escalating so rapidly is that data is accumulating at an astonishing rate. IDC says that in 2011 we created 1.8 zettabytes (or 1.8 trillion GBs) of information. In 2012 it reached 2.8 zettabytes and IDC has forecast that we will generate 40 zettabytes (ZB) by 2020.
What’s causing the escalation? Well some of the data is growing out of the rapid rise of social media. According to Domo, every minute of the day:
- Facebook users share 2,460,000 pieces of content
- Twitter users tweet 277,000 times
- YouTube users upload 72 hours of new video
But the growth is also driven by the massive amounts of data that companies store about us. It seems every retailer now wants to get your phone number and email address, even if you’re just trying to buy a pair of socks. And every company, from your local grocery store to your pet groomer, has information about you, including your habits, behaviors, and payment options.
As marketers, we know what’s driving this data-hoarding instinct. The more information we can collect about our customers and prospects, the more we can tailor the offers and experiences they receive from us, and the more likely they are to develop a lasting relationship with our brand.
So how long do you hold on to data from your customers and prospects? If the answer is “forever – maybe longer,” you might want to reconsider. It’s not just about protecting the personal information of your buyers. The cost of maintaining old data that’s no longer of value to your business is getting pretty steep.
The Price of Digital Debris
According to the Compliance, Governance, and Oversight Council (CGOC), an estimated 69% of all the data collected by organizations today has lost most, if not all, of its business, legal, or regulatory value. That means a large company with 10 petabytes of data, which may cost as much as $50 million a year, could be spending as much as $34.5 million on data that could be deleted.
For smaller companies, the cost may be much less, but it adds up over time. And when you factor in the high price of fines for non-compliance and the damage to your brand if a data breach involving your company hits the news, it’s clear that removing unnecessary data is a key part of a good information governance policy.
Because really, you should keep data only when it’s necessary or useful for your business, or because there’s a law, regulation, or contract agreement says it must be retained. In some cases, the data may also be relevant to an active legal matter, which means it would need to be retained until the resolution of the legal hold. But most of the time, you could be hanging on to data that you just don’t need.
What to do about data storage
First, have a data retention policy. Review it every year, at a minimum. You will need to make decisions about how long you keep data, which data you keep, and what you do with it if and when you decide to get rid of it. You may have valid reasons to retain data rather than getting rid of it. You may want to retain part of it (say a name and email address) while deleting other personally identifiable information (PII) such as a credit card number. And then, you also need to make sure you’re not running afoul of any state, local, or national regulations. Data storage and retention regulations are different depending on the state or country you’re in. So you need to be mindful of the ones that relate to your geography – as well as the rules for your prospects and customers.
Of course, the size of your organization and the extent of your data storage are factors in determining how and when you deal with it. Small companies might be able to get away with using digital file shredders to dispose of data. Any company using cloud storage must take steps to ensure data stored on the cloud is kept secure, and is permanently deleted when it’s time to delete. Companies in highly regulated industries must follow their own rules, which sometimes include the need to prove that certain data has been destroyed.
Marketing agencies often have the toughest job, since they do work for a wide variety of clients, and retaining (or disposing of) data is a job that sometimes falls to them. In addition to keeping the personal information of their clients’ customers secure, agencies also handle intellectual property for the companies they work for, and that requires yet another set of protocols. Additionally, some clients may be in highly regulated industries, necessitating a different standard of practice from other clients.
For all of us – and especially for those of us who are digital marketers – compliance is critical to our success. In order to create customer loyalty, we need to build trust. And that means we need to prove to our customers that we will use their data wisely, with awareness and deliberation – and dispose of it responsibly.
Ready to get rid of some data debris? Here are some best practices that can help with disposing your data.
Don’t forget to clean out your email lists periodically, as well. If you need help or aren’t sure where to start, our data hygiene services can help you identify and remove any data that will have a negative effect on your deliverability rates. Or you can download our free eBook, Best Practices in Email Deliverability, to learn more about the critical factors that can affect your email campaigns success.