Personalized offers have become the hallmark of today’s direct marketing campaigns. But creating the highly relevant pieces that are driving response to new heights requires marketers to share customer and prospect data with their marketing partners. Those of us who are responsible for data security need to work together across the marketing supply chain to ensure data remains safe throughout the campaigns it powers.
IWCO Direct understands the importance of building a solid information security management program, and any company that values the security of its data should do the same. Our clients expect us to understand and implement the essentials, which may include encryption and access control, as well as backup, deletion, and return of data. But even the strongest protocols can’t protect sensitive assets once they leave your organization’s physical or virtual walls. That’s why it’s important to extend your information security practice beyond the limits of your organization by ensuring the marketing partners and other third parties with whom you share your data understand your requirements and treat your data with the sensitivity it deserves.
Three Tips for Sharing Data with Marketing Partners
- Before sharing data with any third party, understand your organization and the type of data that drives your marketing. Does your organization handle cardholder data? If so, the PCI standard may apply. What about healthcare information? Your organization may need to comply with HIPAA and HITRUST. How does your organization define its sensitive data and what steps does it take to secure it? Knowing the answers to these questions is an essential first step to ensuring your marketing partners are on the same page.
- When it comes time to share data with your marketing partners, ensure that you’re only sharing the information that each vendor needs to do its work. This will reduce the exposure of your data beyond what is absolutely necessary.
- Before sharing data, ensure your requirements are formally defined, communicated, and agreed upon by your third party. This should include topics such as data transmission, usage and retention, and the right to audit. It’s important to validate that your data security requirements are being met by continually assessing your third parties. Depending on your organization’s approach to risk, this may include asking for certifications or questionnaires, or visiting your vendor’s sites on a regular basis to verify their controls in person.
If you want to take things a step further, ask about your vendor’s certifications and reports such as ISO, PCI, and HITRUST, which let you know that your vendor has been reviewed by a qualified third party and has met certain security requirements. These can be viewed as additional validation, supplementary to your own due diligence, that your vendor maintains an effective security program.