Search This Blog

Monday, February 09, 2009


JUNK MAIL NEEDS REGULATION…AND NOW!


Two articles recently from junk mail industry publication, Direct, caught my attention, because they forecasted the possibility that more data breaches could eventually originate within that business. The first, “Why Direct Marketers Switch Jobs-Often,” quotes a recent study that says “…entry-level people work for 10 to 12 companies.” These are the folks that actually handle the processing of your names and personal data for junk mailers’ advertising campaigns. The typical employee spends about 2.8 years with a company, which isn’t unusual in the current marketplace.

So how can this potentially affect the mishandling of your names and private information? Part of the problem is obvious with the regular turnover of people serving in that capacity; training is limited and experience is short. In my 35 years as a list/data broker, I personally witnessed situations where data storage devices were laying out in the open at catalog companies, list/data brokers, and computer facilities where millions of consumer records were processed daily.

There is no doubt in my mind that security has increased at every level since the 2005 ChoicePoint debacle, but this is still an entry-level clerk’s position, and you do get what you pay for. Privacy Rights Clearinghouse (PRC), one of the country’s leading privacy advocates, has “A Checklist of Responsible Information-Handling Practices” on its website. The Direct Marketing Assn. (DMA) has its own “INFORMATION SECURITY GUIDELINES“ Any company, junk mail or non-junk mail that follows these guidelines would have a reasonably secure environment for its personal data.

As an example, they both recommend establishing a center for privacy control and putting one person in charge. PRC suggests doing penetration studies regularly to determine if the crooks can get through your security network. The DMA advises that junk mailers should insure that all third-party handlers of their data take responsibility for securing their data. Both PRC and the DMA stress making sure private information is secure in transit from one location to another. And herein lays one of the biggest dilemmas in junk mail.

Once again during my tenure as a list/data broker, although the clerk handling our list order(s) had a typed “ship to” address right in front of them, somehow in the process of transferring that to their list order instructions, they sent it to the wrong address. Since by the time we received confirmation of this it was out of their door into the hands of UPS or FedEx, it was impossible to stop. It was re-shipped but on occasion when we asked the clerk if they found the other data storage device, the answer was almost always no.

The second article from Direct was just as unnerving since it stated that nearly half of all junk mail companies have a hiring freeze, and 20 percent of them are planning to reduce staff. Obviously this is happening in all industries and cannot be helped in the down economy. Which brings me back to the headline, above, that accentuates the need for regulation. The government should establish guidelines for the handling of names and personal data by the mailing list business, much more stringent than those already on the books.

Billions of sensitive data records are handled by junk mailers each year, yielding these companies $4 billion of revenue on an annual basis. It’s time to put some of this back into protecting the consumer.

No comments: