Aug 26 2008
What is personal data worth?
Sometimes two inter-connected stories hit the press on the same day and even the least cynical amongst us must cock an eyebrow in a conspiracy-theory-sort-of-way. Well today is one of those days - firstly it emerges that a computer with personal details of more than one million people (including their account numbers and signatures!) was sold on Ebay for £35. Then, seemingly out of the blue, the Local Government Association launches a campaign to stop access for direct marketers to the electoral roll. Selling addresses from the electoral roll to junk mail companies harms democracy, no less. Add the two together and the conclusion is clear - marketers don’t value personal data and the governement should restrict access to it.
Let’s take each story individually. The computer story seems to involve a catalogue of errors. A company was contracted to archive data for Royal Bank of Scotland. An individual who worked for the company was allowed to take home a decommissioned server. He subsequently sold in on Ebay where the buyer was an IT expert. What’s incredible about this is that no-one in this chain seemed to think that this personal data should be protected. And this from the banking industry that is now telling companies that their data must be protected and encrypted in order to achieve PCI compliance.
The electoral roll story is a bit more obtuse. Any battle against junk mail is bound to receive public support but this one seems to have come about because the hard-pressed Electoral Administrators find it ‘fiddly’ to maintain two registers and don’t earn enough in fees to cover the inconvenience. My initial thought was that, more than anything, council tax avoidance probably undermines the electoral roll, and 24dash.com lists a number of other oddities with the story. And if the electoral roll allows marketers to increase relevancy, then surely it reduces the possibility of junk. But that’s a fine point that few will be interested in.
So there’s no conspiracy then. But the fact remains that personal data is valuable, both to criminals and to marketers (there are no other connections between the two that I’m aware of). And it’s a story that generates PR, but normally of the negative variety.
As a direct marketing consultant, my advice to clients is simple. Customers trust you with their data and you should respect it. Some of the steps to PCI compliance are fiddly and irritating but its logic is unarguable and you should be doing most of it anyway. Direct marketing (a.k.a junk mail) has a poor reputation and we should do nothing to tarnish it further. We owe it to ourselves and our customers.