With recent high-profile scandals over the loss of important customer data, consumers are more nervous about revealing details about themselves. It's a double-edged sword as good customer data can be an important. Adrian Gregory highlights how to implement effective data security, data quality and regulatory compliance.
Customer Data is your most valuable asset. Don’t believe me? What would happen if your customer database was stolen or lost? Could you be fined £1m for losing a file of customer records like one building Society recently? How many customers do you upset with poor customer service and inaccurate and duplicate marketing? How much money do you waste on verifying and processing data? How many of your prime prospects are opting out from your marketing communications or simply haven’t opted in? And how much revenue do you generate by using customer data - or, more likely, not generate - because you can’t?
Data security breaches are constantly in the news. Already this year we have heard about the British Council’s loss of personal data on 2,000 employees; hackers stealing the details of 4.5m job seekers from jobs site Monster; US company Heartland Payment Systems reporting the loss of over 100m individual credit and debit card account details; and a health body in Belfast lost personal details on 8,000 patients.
The '2008 Annual Study: UK Cost of a Data Breach', undertaken by the Ponemon Institute and sponsored by PGP Corporation Research, found that the average total cost per incident had risen to £1.7m in 2008, up from last year's figure of £1.4m. On average, each lost customer record costs firms £60, a 28% increase on 2007's figure of £47.
DQM Group’s recently commissioned research has also revealed a slump in public confidence when it comes to organisations keeping personal details and data safe and secure. In fact, there were some astonishing polarities. For example, twice as many people trust their credit card company to keep their detail safe, compared with the trust they invest in government departments to do the same. It also shows a general decline in public trust over the last year, averaging around 8% across all types of organisation from public sector to financial services and social networking sites.
Repeated failure of organisations to effectively safeguard their data is driving increasing regulation. The Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 are already in place to protect the rights of individual when it comes to how their data is used for marketing. And the ability of marketers to target individuals with their permission, by whatever channel, will become increasingly more difficult. Already, some marketers, especially in financial services, are finding up to 60% of their target market has opted out from receiving communication from them.
Reduce your exposure
With public confidence in data security therefore at a low, it is vital for organisations to have processes in place to prevent security breaches. To be effective, data security has to be at the heart of an organisation. That means drawing up an agreed policy around how data will be managed and protected, combined with metrics to indicate how well the organisation is performing against these goals.
Lessons for organisations can be learned from commercial data owners who use ‘seeds’ and regular audits to track data to ensure it is used correctly and, importantly, to catch any offenders quickly before any real damage is done. Similarly, do you pass your data to third parties for enhancement, analysis or simply to manage mailing campaigns? If so, are you comfortable that you transfer data in the most secure manner or that your third party has rigorous data security processes and procedures in place? Again, the process of auditing external data managers prior to supplying data might just be a sensible option.
Organisations must allocate specific budget for these solutions, whether involving internal audits, training, data tracking or third party auditing. The business case for such investment is easy to create, since data losses have direct financial implications, ranging from the cost of remedying the situation through to potential fines from regulators. Brand damage is a major factor too.
But what about poor quality data? In reality, it’s not really surprising that data can be poor considering the speed at which details change, especially business data. According to the Royal Mail Data Services, a business moves office every six minutes and closes down every four minutes. Also, the average marketing director stays in their post for just 18 months.
But the implications for ‘bad’ data can be enormous. These include lost customers, incorrect pricing, miscommunications to prospects and others, and, not least, failure to comply with key legislation such as the DPA, which requires you to maintain good standards of quality and can lead to hefty fines. These are likely to get much higher too.
Fixing bad data is not just a technological challenge. It requires careful planning, clear organisational responsibilities and awareness through the business of the importance of getting data right - and in a format that the company defines. Tips to help improve data quality include deciding on who ‘owns’ the data; understanding what applications depend on it; making sure you agree upfront useful measurement criteria and criteria that can be improved. Also, be clear of the rules and measures for suitable customer data.
Whilst you will never have perfect data, you will find that by taking some relatively simple steps and with a modest budget, substantial gains can be achieved – a clear case of the 80:20 rule.
The cost of compliance
Whether due to the growing awareness of national preference services (TPS, MPS etc), high profile incidents of data loss, communication overkill or the growing fear of identity theft, more and more customers are opting out of receiving marketing communications. This also comes at a time when corporations and their legal advisors are often more paranoid about getting it wrong.
The typical approach to preference management is an extremely cautious one, with an emphasis placed on compliance, especially when legacy systems and data are involved. Consumers too can easily be baffled by the legal wording of opt in/out statements and go for caution when, in reality, they would like to receive offers.
This is all potentially very bad news for marketers, particularly those in financial services where regulation is typically greatest and who are among the worst affected. Rumours exist where some financial services organisations are prevented from talking to 60% of their potential customer base due to regulatory compliance.
A positive approach to compliance with effective preference management and positive legal advice should be made a priority, as once a potential customer has opted out it becomes increasingly difficult to win them back. Not least, you can be confident that your competitors will have the same issues as you and by addressing compliance from a positive and proactive standpoint, you stand to develop a significant competitive advantage.
Whilst raising the major issues to marketers of data loss, poor data quality and increasing data regulation affecting marketers, there are lots you can do to mitigate the risks and use the problems as an opportunity to gain advantage and grow your business.
Your customer data is very valuable and needs careful governance. By recognising your customer data as the important corporate asset it really is, you’ll appreciate that the investment you make in protecting it isn’t just another cost but will really will help you unleash its value to really grow your business and build competitive advantage.
Adrian Gregory is chief executive of the DQM Group. In partnership with the Institute of Direct marketing, it has launched DataMeasures, a free data benchmarking service.