Protect Your Email Program (and Your Customers) with Data Anonymization and Minimization
It’s in the news seemingly every other day: A business suffers a significant data breach and ends up losing hundreds of thousands (or even tens of millions) of data points on their customers.
In many of these cases, human error and weak passwords have resulted in brands accidentally leaving private data sets open to searching and indexing on the internet. (For instance, this hotel security system breach or the Equifax breach.) As a result, businesses are legally required to report this information to their local data protection regulators and the users impacted by the breach. And if the breach includes individuals’ personal data or sensitive corporate information, there’s the additional risk that it could be used for further probing or attacks against partners or clients.
For email marketers, worries about this sort of dire situation go hand-in-hand with the awareness that data is essential to modern customer engagement. You need data to be able to serve up the kinds of compelling messages that speak to your customers—but holding all that data has risks of its own when it comes to regulatory compliance and, yes, the potential fallout from a data breach.
But what if there was a way to protect yourself and your brand from total data meltdown in case of a breach? Think about that for a second. You can have your cake (all the data you need to power your marketing programs) and eat it (lower your risks in case of a breach), too.
Embracing Data Anonymization and Minimization
As marketers, we’re always looking for insights and trends when it comes to customer engagement, or wondering “What if” in connection with data. What if I collect this? What if I need this later? What if someone unsubscribes from my email newsletter? But for a lot of marketers, all that wondering has helped to turn us into data pack rats, prone to holding onto everything for years beyond the useful shelf life of the data itself.
That tendency increases the risks associated with a data breach. If you’re collecting everything you possibly can and hold onto it until the bitter end, you’re increasing the amount of personal data on your customers that could potentially be compromised if a breach occurs. But fear not! There’s a better way.
What is this nirvana I’m referring to? It’s called data minimization and anonymization. Think of it as the Konmari Method applied to your marketing and customer engagement data. With data minimization and anonymization, you get rid of the data you don’t need—and if you still need some of the data you’ve been holding, you think seriously about what aspects of the data you can trim and what you can keep safely.
Now, you might be saying, “But my six-year trend data, how would I manage that if I just started deleting stuff?” The truth is, it’s not as difficult as you think.
The core idea is this: don’t collect data that isn’t needed to support your marketing efforts, and stop retaining data when it’s no longer serving a clear purpose. The truth is, a lot of analytics use cases don’t depend on personal data—you can calculate a historical open rate for an email campaign without storing the underlying user data or even knowing which specific users actually opened it.
One benefit of removing data like names, email addresses, device IDs, or IP addresses (or not collecting them in the first place) when they’re no longer useful? If the information you’re holding onto doesn’t contain identifying data, when a breach occurs you’re just losing access to aggregate metrics and not personal information on your clients. You get most of the value from these stats—since they’re likely too old to use to personalize or enrich the emails you’re currently sending—without the personal identifiers, building in a good protective step.
Another key step? Determining when your brand is truly done with a particular unsubscribed, bounced, or spam-complaint-heavy individual. It’s always tempting to hold on a little longer in the hopes that they’ll have a change of heart, become an engaged recipient and loyal user. But if you’re negligent with your sunsetting policies and don’t get rid of personal data connected to churned customers, you run the risk that you’ll have to reach out to those individuals to notify them that their personal data has been compromised—giving them one additional chance to negatively impact your email reputation.
What if you don’t embrace data minimization and anonymization? What’s the worst that can happen? Well, here’s a real-life example: The data breach suffered by Cathay Pacific Airlines that led to 9.4 million passengers’ data being compromised, including passport and Hong Kong Identity Card information. Worst of all? The airline stopped using and collecting this kind of data 13 years before the breach—but never got around to deleting it.
Don’t put your brand in that situation. Protect yourself, your company, and your email subscribers by taking control of your data. Get rid of the out-of-date and extraneous information you’re not using that could be used against your brand and its customers in the future. It’s the smart, safe choice.
Looking to be more thoughtful about data privacy and security in general? Check out Braze Cofounder and CTO Jon Hyman’s look at establishing a data security roadmap.