How Marketers Can Keep Customer and Lead Data Secure

A topic that is not discussed nearly enough when it comes to marketing – especially small business marketing – is how to keep the data you collect about your leads and customers safe.

Yes, data security is partly a job for IT professionals to worry about. However, there are many ways that marketers should responsibly handle customer data on their end (or with the cooperation of their IT team).

Not only is the proper handling of your data a marketing best practice, but it’s also a matter of ethics: what does it say about you and your business if you mishandle information that customers and leads trusted you with? Your customers will eventually find out if your grip over their information is loose – and by that point, they’ll no longer be your customers.

Why should marketers care about the security of data they collect?

One way that many organizations collect personal information is through email signup forms. Retail giant Saks Fifth Avenue is no exception.

Unfortunately, just this month, Saks was called out for leaving customer and visitor information on unencrypted, publicly accessible web pages. This information had been handed over by trusting visitors who signed up for wait lists to purchase products. 

While it’s still too soon after this embarrassing and easily-avoidable marketing security snafu to discuss the consequences Sak’s will face, we can make some educated guesses.

When data is publicly exposed or gets in front of the wrong people thanks to poor handling practices, there can be significant consequences. Loss of consumer trust, loss of business, and, depending on the situation, even lawsuits could result from mishandling of the information the public trusted to share with you.

Remember the 2013 Target data breach that affected almost 40 million people? They settled lawsuits with customers and banks for over $100 million. Ouch. 

And what about the victims of these breaches? Well, it’s possible that you’ve already been a victim yourself. 2016 was a record year for data breaches, with Bloomberg reporting a 40% increase from 2015 in breaches suffered by US companies.  Some indicators you may have fallen victim to a data breach include:

  • Suddenly receiving emails you never signed up for
  • Having your account accessed by someone who shouldn’t have been able to login to it
  • Having credit card information stolen.

Having your personal information being used by someone else without your consent is a violation of privacy and trust that can cause serious psychological stress and financial damages. In short? It’s the worst.

How you can be a guardian of data

First things first: there is a major IT component involved with keeping this data safe. You must work with your technical team to ensure the proper systems are in place to securely store data.

That being said, there are ways that anyone responsible for marketing can better manage the influx of data submitted online. These include:

Add SSL to your website

Single Socket Layer — known more commonly as SSL — encrypts data sent between a website visitor and the webhost.

Why is this important?

There is a certain point in the data transmission process where neither the sender nor the receiver (that’s you) have control over the data sent. That’s because to get from point A to point B, information is going to pass through cable belonging to someone else, like your cable company.

When data is passing through someone else’s infrastructure, it’s essentially available for anyone (with the right know-how) to access. While we encourage everyone to use SSL (more on that in a moment), it’s absolutely critical for websites that collect information like credit card or social security numbers.

SSL works by creating keys that allows data to be encrypted and then locked prior to being shared and unlocked once it hits the receiving end. You can read a more technical description of how SSL works here, but the gist is that it puts security checkpoints throughout the data sharing process to ensure that only the intended recipient is able to access it.

So how do you get SSL?

Your web developer will need to purchase an SSL certificate and install it on your website. From there, they’ll need to update your site to use secure HTTP (“HTTPS”). Some web hosting companies include SSL certificates in their hosting packages; others will sell one to you for around $50 – $200. It’s a relatively low cost for an important layer of protection. You can find more information about HTTPS and how to get it here.

The good news is that SSL isn’t just useful for securing data – it’s good for SEO, too. Google now prioritizes HTTPS pages – those using SSL – in search results. If two otherwise identical sites were competing for a top spot in search results, but one used HTTPS while the other used HTTP, the secure (HTTPS) website would rank higher.

Don’t let data protection start and end with SSL

SSL encryption plays a major role in protecting data, but if it’s the only protection method you’re using, you’re not doing enough.

Encryption of client data stored on local computers, networks, or the cloud should also be encrypted. For example, the Microsoft Office suite allows files to be password protected and encrypted. Any files that contain customer information should put these measures into place.

When files with sensitive information are protected like this, you’ll be forced to pick and choose who has access to them. This is another great security protocol, as you reduce the chances of human error causing data to be accessed by uninvited parties.

Regularly clear email lists of inactive and opted-out contacts

Here’s a tip that even the least technical of us can manage: regularly clean out your email lists to remove inactive and opted-out contacts.

It’s easy to let your email list grow and grow. After all, it feels good to look at your list and see the large number of people who have all said yes to receiving emails from you!

However, after a while, some of those contacts will change their mind about their interest in hearing from you. Some will be explicit about their choice, choosing to opt-out of your list. Others will just stop opening your emails.

You should regularly check your lists for these types of contacts. Whether it’s once per week or once per month, review your contacts and remove everyone who hasn’t opened an email from you in a few months and haven’t been responsive to your attempts to reengage them (the exact time frame here will be dependent on how frequently you send emails) or who have manually opted-out. If you’re using an email marketing tool like HubSpot, you should be able to quickly and easily find this data.

Removing these contacts will protect both you and them if for some reason your database were compromised; if former contact information was leaked, those people would feel like your opt-out requests were not respected.

Once again, this security measure also has tangible benefits for your marketing execution.

Did you know that email providers are more likely to deliver your emails to the “spam” or “promotions” folders if a large portion of your recipients aren’t opening your emails? This safeguards users from actual spam (you know, the “I’m an African prince who will wire you $100,000,000 for sharing your social security number with me” type of emails), but can really put a dent in your ability to get in touch with your database.

When you regularly clean up your email lists, you’ll be sure you’re always contacting people who want to hear from you – and thus are more likely to open your emails. The result? You’ll be more likely to land in their inbox.

Set clear expectations about what you will do with data collected from customers

People generally trust that if they are handing over information to a company – whether they are signing up for an email list or purchasing a product – that their data won’t be used for anything other than that email or purchase.

Unfortunately, many people are surprised to find out their data has been sold to other companies. This happened to me last year: I purchased a pair of shoes online from store A, a store I had never shopped at before. A couple months later, I started receiving physical catalogs from another company I had never heard of, store B, but that was clearly targeting the same demographic of store A.

Before you chalk it up to coincidence, know that I’m not part of the demographic either of these companies target. The only way I could have been added to their mailing list is if store A had sold my data to store B. Thanks a lot, guys!

Needless to say, I’ve sworn off shopping with store A. (And store B? They never had a chance.)

It should go without saying that you should never, ever sell your client’s data (but I’m saying it again anyway, just in case). In fact, you should go a step further and communicate what you will do with client data before they share it with you.

Now that the U.S. government has voted to make it legal for internet providers to sell user browsing history, people are more concerned than ever about how their data is being used by the websites they share it with. If you plan to keep a safe guard over user data (which you should), you can ease the fears of your visitors by adding some copy to your registration or purchase forms acknowledging that you’ll only be using visitor data for internal purposes and it will not be shared with any third parties.

Never forget that data security is a marketing responsibility

It’s easy to think that data security isn’t the responsibility of marketers, but it’s simply not the case. While we may need to turn to IT professionals to do much of the heavy lifting, we should always be security-minded in the collection, storage, and usage of the information our leads and customer share with us.

Customers are the lifeline of your business; treat their data like your business depends on it (because it does).