Consumer data is the fuel pushing today’s data-driven direct mail campaigns to new heights by providing the ability to create highly personalized, relevant offers that consumers respond to. For example, in the not-too-distant past, a pet food retailer might have sent the same offer for a discount on a popular brand of dog food to an entire segment of the population—all using the same photo of a golden retriever. Without strong marketing data, they had to cross their fingers that the recipient owned a pet, specifically a dog, and preferred that brand of dog food.
Today, with the right strategy, creative, and technology in place, the same pet food retailer can send an offer tailored only to dog owners, with a discount on each recipient’s favorite brand of dog food, and even include a photo that better represents the breed of dog they own. The recipient is much more likely to respond to the offer. The marketer isn’t sending irrelevant mail to cat owners—they’ll get a separate offer—or to people who don’t own a pet (no resources will be wasted mailing to them).
That’s the power of consumer data in today’s marketing environment. But marketing partners need access to their clients’ data files in order to create this type of relevant and engaging mail. Data can be incredibly powerful, and like Uncle Ben’s famous line from Spider-Man, “With great power comes great responsibility”—which is especially true when it comes to transferring marketing data between companies.
Getting Personal (Or Not-So-Personal) with Your Marketing Data
To get a better idea of what kind of data is handled by your marketing partner, you should know the differences between different types of consumer data. Personally Identifiable Information (PII) is any information that can be used to distinguish an individual’s identity, such as:
- Social security number
- Date and place of birth
- Mother’s maiden name
- Biometric records
- Any information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
In contrast, Non-Personally Identifiable Information (non-PII) is the opposite: it cannot be used on its own to identify a person. Non-PII can include IP addresses, cookies, and other data used to track a user’s interests and traffic, but not their private information.
Depending on the market and goals, direct mail can use both PII and non-PII to tailor its content. The most common form of direct mail, solicitation mail, uses name and address to communicate offers. Highly personalized and targeted mail (including statements and loyalty mailings) may also incorporate marketing data and PII such as account numbers, credit scores, or medical information.
What You Should Know Before Sharing Marketing Data
Companies are under pressure from stakeholders, regulators, and customers to maintain the confidentiality of the sensitive information entrusted to them. Trust is a large factor in deciding who is allowed to handle any kind of marketing data—before a company shares data with a third party, they must be certain that the receiving party understands its responsibilities to protect the data.
These are the three questions every company should ask before sharing or transferring data to their marketing partner:
- Who will have access to the data?
- How will the data be protected and how will it be kept separate from other customers’ data?
- How long will the data be retained and how will it be disposed of when no longer needed?
Both parties involved in marketing data transfer—the sender and recipient—share the responsibility for the protection and handling of data. Here are a few simple steps companies can take to ensure the security of consumer data from storage to handling to handoff:
- Before sharing any sensitive data with a third party, assess their security controls to ensure they take data security as seriously as you do. Execute an NDA and/or security agreement before sharing any sensitive data.
- Use strong encryption whenever information is at higher risk (e.g., during transmission over public networks). Encrypt data in motion (SFTP) and at rest (PGP).
- Use authentication that includes unique usernames and strong passwords to ensure only authorized users are allowed to send files outside the organization and to facilitate activity monitoring.
- Get confirmation that your files have been received by the appropriate party. Ideally, the platform will send automatic file transfer notifications to the sender and receiver.
No matter what kind of marketing data or information you’re dealing with—PII, non-PII, or both—you can never be too careful with someone else’s data. Verify your partner’s security practices, clearly define the proper use of the data, and embrace encryption. There is no such thing as “too secure.”
Subscribe to SpeakingDIRECT to have new articles delivered to your inbox as they post. We promise to keep it fresh and interesting.