And that problem is security.
Much of what marketing does is build profiles of customers by collecting huge amounts of data on every customer. That data collection is facilitated by compliant customers that provide all sorts of personal data just because they’re politely asked by a retail clerk.
There will always be people who comply with data requests, but I expect more customers to be wary of sharing information at the register.
I’m not the only one, a recent NY Times blog post from one of their security researchers: Stop asking me for my email address. She discusses how much information companies ask for and how complacently consumers hand it over without asking about security.
The point is that no company is secure. None of them. Not when they are up against an increasingly sophisticated, elusive enemy. But the problem is not just retailers, or technology companies or hackers, it’s us.
We regularly hand over data simply because we’re politely asked. We don’t read privacy policies, or ask companies whether our email addresses and passwords will be “salted” or “hashed,” encrypted with long or short keys, or whether those keys will be stored on separate systems from the ones they can unscramble.
The underlying problem is that marketers and the companies they work for, are not taking security seriously enough. The collection of reams and reams of personal data, from PII through to email opens and clicks, makes this data a prime target for criminals.
It concerns me that security breaches are getting bigger and taking more data and affecting companies with large customer bases.
Security has to become a bigger priority for companies.
Having given out a lot of tagged addresses over the past decade, I can report that some companies are much, much better than others. The Wall Street Journal leaks, the NY Times doesn’t. The Economist leaks, the Atlantic Monthly doesn’t. TD Ameritrade leaks so badly they got on the losing end of a class action suit, Vanguard doesn’t. In each of those cases, the leakers have leaked at least two separate addresses each.
I’ve never been able to discern much of a pattern so I’m assuming it’s a reflection of how competent their database managers are.
I can confirm that the Wall Street Journal leaks. I have a subscription to the electronic edition. They leaked my tagged email address to a Latvian-based stock pumper. :/ I reported it to the WSJ as a security breach and changed the email address on my account. The old address is now one of my more productive spamtraps.
Unfortunately I can’t be sure what *else* the WSJ leaked. :/
United Airlines leaks and lies about it. TD Ameritrade has leaked at least 4 of my email addresses (each created after the previous one leaked).
ESPs have leaked on behalf of their clients.
The only way to provide sufficient encouragement not to leak is to allow those whose email addresses are leaked to collect statutory damages.