Email Address Guardianship: Whose Responsibility Is It Anyway?

Last week’s headlines about the massive theft of 53 million email addresses from Home Depot seems the straw that broke the camel’s back when it comes to 2014’s barrage of data breaches. The year has seen a veritable flood of hacks and breaches at retailers (Target, Best Buy, eBay) restaurants (PF Chang’s, Subway) and even financial institutions (JP Morgan Chase, Bank of America). The verdict is clear: no data protection system is foolproof, and when it comes to data theft there is no sacred ground – hackers will take all the personally identifiable consumer information (PII) they can get.

In the pecking order of consumer data, credit card numbers and account passwords trump email addresses due to the immediate financial gain and fraud possible.  Besides, when it comes to your email address, how many companies already have it from you voluntarily? If you’re the average consumer, easily tens if not hundreds to the point, I fear, that consumers have become blasé about emailaddress theft.

At best, a stolen consumer email address generates a temporary barrage of spam easily blocked by filters or manual feedback (just tell Gmail “this is spam” and it quickly adjusts deliverability). At worst,email addresses pilfered in combination with log-in credentials or credit card numbers create account hacks remedied with a password change. Which according to experts, we’re all supposed to be doing religiously every 60 days or so (for – right – our multitudes of disparate accounts). But how many of us can even remember or organize our account passwords for retailer and brand on-line shopping sites, let alone remember to update them?

Password management and change tools aren’t known to many people and raising awareness of them is a challenge. So at least today, the onus falls heavily on consumer shoulders to protect the sanctity of their email addresses and in-boxes. But should it rest there alone? I say no.

Home Depot Needs Help

With every additional breach and hack, it becomes more apparent that we, the industry of data-driven marketers and database providers, need to step-up security. Brands can’t do it alone, but need stewardship from organizations like the DMA and its vendor-side members to make the investments in technology and process that are needed with increasing urgency in today’s hacker-rampant world.

There is plenty written about what consumers can and should do to protect their PII such as social security numbers, phone numbers, credit numbers and email addresses. Yet the fact remains that hackers are a determined bunch – they won’t stop trying to nab these goodies. It’s time for data-driven marketers and industry vendors alike to take email address and related data protection more seriously, as well as lead and teach consumers how to become well-educated guardians of their information by proactively giving them the tools and know-how to do so.

Home Depot’s email notice and apology to subscribers appears below (click image to enlarge). It stops far short of consumer education but does at least provide direct outreach to the company via  toll-free number:

A Collaborative Approach

So what can we, as major brand marketers and industry thought-leaders, do to remedy the situation and empower consumers to become better inbox – if not overall – personal data guardians? Here are a few thought-starters, but I’m confident upcoming industry events (such as the eec’s  Email Evolutions conference in February 2015) will explore and surface many more:

1)   Brands should inspire consumers to value their PII and empower email subscribers to protect addresses. Proactive communications about account protection, password change prompts, and even re-verifying and renewing email address permission on a regular, recurring basis need to become a regular part of the customer messaging mix.

2)   Both brands and vendors should collaborate to increase consumer awareness of data and password protection tools such as LastPass or products like McAfee LiveSafe.

3)   Marketers and marketing data providers alike should develop plans for mitigating damage post-hack, including strong and transparent direct-to-consumer (as well as media) communication strategies

Despite the relatively-lower value of an email address compared to a credit card number, social security number or account password, I maintain that if we as an industry do not begin to take email address data breaches more seriously, we’ll diminish the effectiveness of channel for both marketers and consumers. Let’s shine a spotlight on collaborative ways to enhance data guardianship that involve and empower all parties – brand marketers, consumer marketing data providers, software vendors and consumers alike – to stand a fighting chance against the growing hacker onslaught.

Struggling with an email list, data or marketing issue ? Get help via a free consult.

This post originally appeared on the DMA blog here.