How to Protect Customer Data — and Your Company


Most of us have probably seen that commercial where the bank security guard stands idly by during a robbery, explaining that he’s just there for monitoring, not preventing. It’s a good illustration of how important it is for businesses to think about digital integrity holistically rather than one piece at a time.


Your online presence is the face your company shows the world. It’s your identity. And it tells customers as much about your credibility and integrity as any business strategy. Customers want to know that they can trust your content and what is behind it – that it says what it means, that it’s consistent, that it’s accurate, and that you stand by it. And they want to know how you’re going to protect the information they share with you.

Your online presence tells customers as much about your credibility as any business strategy, says @kpodnar.
Click To Tweet

While developing a digital policy may not be at the top of your things-to-spend-time-and-money-on list, it really should be because the consequences of not having a policy are scary.

HANDPICKED RELATED CONTENT: Identity Matters: How Content Strategists Build Trust and Loyalty

Why is digital integrity important?

Let’s start with data breaches since that’s the issue that captures the most headlines. From forensics and fines to lawsuits and lost time, the expenses associated with a breach pile up quickly. And that’s just the beginning.

A distributed denial of service (DDoS) attack, for example, could prevent you from conducting business for a time. And if the attack slows your site’s load time, your customers may not do business with you. Research shows that nearly half of all customers won’t wait more than three seconds for a page to load. They click over to a competitor – and a lot won’t come back.

Then there’s a general lack of confidence. How are customers supposed to trust you with their business when you aren’t even taking care of your own digital security?

How can your subscribers trust you with their business if you can’t guard their personal data? @kpodnar
Click To Tweet

Your online integrity is about a lot more than just protecting the audience’s personal information (although that’s important, too). It requires a multifaceted, holistic digital policy incorporated into your daily business processes.

Let’s look at what that means.

HANDPICKED RELATED CONTENT: The Democratization of Distrust Is Our Biggest Opportunity

Components of a holistic digital policy

Data collection

Brands slowly but surely have adopted a more-is-more mindset when it comes to data. The more data points, the better, right? Even at brick-and-mortar stores, it’s hard to make a purchase without being asked for name, address, phone number, email, or maybe even birthday. And, sure, your business can do a lot with that information in terms of market segmentation and analytics.

But … the more data you collect from your audience, the more you – and they – stand to lose if you suffer a breach. To put it in business terms, you need to do a risk-benefit analysis. If you’re truly using all the data you’re collecting – and the return on investment is worth the risk – fine. But if you’re collecting data just because you can, the risks quickly outweigh the benefits. Collect data only when it’s critical to your business.

Collect data only when it’s critical to your business, says @kpodnar.
Click To Tweet

Questions to ask:

  • What information do we collect from our customers? Where do we keep it? How do we secure it?
  • Who wants the data (marketing, product development, etc.)? What do they do with it? Could others within our company use the same information to increase the benefits, making the risk worthwhile?
  • What information do we really need to collect from our customers, and why do we need it?
  • How does each data point enhance or support our business model?

Data storage

The natural result of collecting a lot of data is the need to store that data. And stored data is a liability. Do you really need to keep email addresses and purchase histories from people you haven’t connected with in years? Customer data collection isn’t a situation for, “Well, it might come in handy someday.” The safest remedy is to store only as much data as is critical to your business.

It might help to think of it this way: Imagine you had a breach, and you’re in a face-to-face meeting with a customer whose personal data was stolen. How comfortable would you be looking that customer in the eye and explaining your need for each data point?

Questions to ask:

  • What data do we store? Is there a business justification for each data point?
  • Where do we store our data? Who has access to it? What security measures are in place?
  • What are the risks of keeping the data? Does the data include enough points to be personally identifiable? If so, what obligation do we have to our customers?
  • If we do need to store multiple data points, how long do we need to keep them? (For example, do we need to keep a customer’s email address and other information after the conclusion of a trial period?) What processes can we use to make that happen? Should data automatically be deleted after a certain time or should there be a human review process?
  • Are the servers that store sensitive data separate from our servers on less-secure networks? Or could someone access sensitive data by hacking into a less-secure device?

Regulatory requirements

One of the toughest challenges of operating in a global economy is sorting through the applicable rules and regulations. The United States, for example, has laws regulating the collection, use, and storage of customer information. Many states also have their own regulations, some of which are stricter than the federal laws. And it becomes even more complex when your business crosses national boundaries.

To gain a perspective on how complex a process this can be, think about cloud-based services, which are, by nature, independent of a geographic location. What does that mean legally? Do regulations regarding data kept in that cloud service apply based on where the company is headquartered, where it has physical locations, where the customers lives, or where the servers with all of the data are stored? Or all of the above?

This is one area where it’s critical to get professional guidance, whether from an attorney or from a digital policy expert. There are just too many moving pieces to carry that much risk yourself.

Questions to ask:

Prepare for your initial meeting with a professional by jotting down as many relevant facts and questions as you can come up with, such as:

  • How do we figure out which regulations we must comply with? For example, what if we have neither offices nor servers in a given country, but we do have users who live there? What if we have a shared server in a country but conduct no other business there?
  • How frequently do these regulations change, and what’s the best way to keep up with these changes and incorporate them into our digital policy?
  • What are the penalties for a first violation in any given jurisdiction?
  • How can we be sure we’re not breaking any country’s data privacy laws?
  • What are some best practices that other companies have identified?

Incident monitoring and response

Having a good digital policy won’t necessarily stop a breach from happening, but it will go a long way toward mitigating the damages. It’s important to have a crisis response plan that includes everything from the discovery of a breach to communicating the situation to your customers (as well as to any relevant legal agencies). Your policy should identify the person responsible for each step of the response plan and include frequent re-evaluation to make sure each person is still in the same job and knows what to do.

A crisis response plan details how to notify your audience if a data breach occurs, advises @kpodnar.
Click To Tweet

Questions to ask:

  • How do we become aware of a breach? Do we have systems that notify us immediately when unusual activity is detected, or do we only find out when we’re in crisis mode?
  • What do we do to stop an attack once it’s detected? Do the people responsible for mitigating an attack have the proper skills, training, and tools?
  • Who within the company needs to be notified, and in what order? If an attack is detected during overnight hours, can it wait until morning, or are there people who need to be alerted immediately?
  • If an attack is severe enough to cause a work stoppage, do we have a backup plan in place? Does everybody know what it is and how to launch it?
  • What regulations apply? Which authorities must be notified, and whose job is it to do that?
  • Whose responsibility is it to talk to the media?
  • What actions do we need to take on behalf of customers (such as notifying them that their data may have been compromised)?

External risks

As interconnected as businesses are these days, risks don’t exist only within your own walls. Any third party with access to any of your networks is a potential source of a breach. It’s important to think up and down your supply chain, and throughout your partner networks to make sure you’re not unintentionally creating a policy that for all practical purposes doesn’t really protect you.

Questions to ask:

  • What parties have access to our system (vendors, outsourcing partners, consultants, outsourced IT support, SaaS products, etc.)? What digital policies and security protocols do they have?
  • Does the external partner’s policy go far enough? Or have important questions been left unanswered?
  • Does the company follow the digital policy or does it just give lip service?
  • In the case of a breach that originates – intentionally or not – through a third-party provider, who’s liable? Whose response plan takes precedence? Who’s responsible for fines and customer compensation, if relevant?
  • Are the answers to the data security questions spelled out in our contracts?

Policy development

Gathering data is the first step. Getting the buy-in to create a digital policy and the authority to implement it is the next step. Usually, this process works best with a cross-functional team so that all interests can be represented.

Questions to ask:

  • Who are our stakeholders? Who will be affected by this policy?
  • What conflicting interests must be managed (such as legal vs. marketing)?
  • Do we have everything we need to know to craft a good policy? Is there anyone we forgot to include?
  • What could go wrong, and what can we do to prevent it?

Change management

Few people like change, and even fewer people like change that seems to be random and unnecessary. That’s even more true when that change makes a process more difficult and time-consuming. Selling the “why” of a digital policy is central to overcoming resistance.

Questions to ask:

  • Can we clearly and consistently articulate the importance of having a digital policy? (Hint: Employees are unlikely to accept “because our lawyers said so” as a compelling reason.)
  • Whose jobs are affected by these changes, and in what ways? What can we do to offset any unintended negative impact?
  • What might employees see as drawbacks of a digital policy, and what benefits can we communicate to counter that perception?

Plan implementation

This is where a lot of digital policies go wrong: Companies stop right before the finish line. But a policy never correctly implemented – or universally ignored – is riskier than not having a policy. That’s because a policy provides documented proof that your company was aware of the risks.

Data security plans go wrong when companies stop before the finish line (correct implementation). @kpodnar
Click To Tweet

Questions to ask:

  • Where does the policy live? How do employees know where to find it when they need it? Do they have immediate access, or do they need to ask for authorization to access the files?
  • Is the policy easy to use? Is there a table of contents that an employee can use to go straight to the appropriate section? Is it searchable?
  • Who can make changes to the document, and are people without authorization to change it technically prevented from doing so?
  • How can we make the policy easier to use? Can we provide employees with a checklist or wizard? Can we incorporate it into our business processes so that much of the compliance happens behind the scenes? How can we make it easy for employees to comply with the policy and difficult to violate it?


“Have a digital policy” isn’t something you can scratch off your to-do list. It’s an ongoing process that must be revisited over the years as people, processes, and technologies change.

Questions to ask:

  • How can we make sure our digital policy is being used? How can we track compliance?
  • What corrective action do we take if the policy is being violated (intentionally or not)?
  • How do we make sure our policy keeps up with changing circumstances and new threats?


If I had one wish for companies struggling with their digital policies, it would be to look at the situation holistically. Think of it like parenting: We don’t prepare our kids for kindergarten and then congratulate ourselves on a job well done. Raising a child is an evolving process, one that includes everything from nutrition to exercise to education to character – and sometimes, eventually, to babysitting grandchildren. While you might not feel the same passion for your digital policy as you do for your children, both require supervision, care, and nurturing.

Sign up for our weekly Content Strategy for Marketers e-newsletter, which features exclusive stories and insights from CMI Chief Content Adviser Robert Rose. If you’re like many other marketers we meet, you’ll come to look forward to reading his thoughts every Saturday.

Cover image by Skeeze via

The post How to Protect Customer Data — and Your Company appeared first on Content Marketing Institute.

Content Marketing Institute

Create CTAs readers can’t resist

Editor’s note: For this blog post, we asked Reid Yoshimoto, one of our email marketing experts, to weigh in on the best way to create compelling call to action (CTA) buttons for your email campaigns. Here’s what he had to say:

As a marketer, I’m always looking for ways to get our customers more engaged. As a result, I’m always testing. I test subject lines to see what increases open rates, I test email templates to discover what increases click-through rates, and I test call to action buttons to see what gets people to click on them.

Testing your CTAs isn’t difficult. Just put some thought into it first. What is it you want to test? What results do you want to see, and what do you want to do with the data? I’ve always put together a simple test matrix for any sort of A/B testing that I do, so it’s easy for me to track what I tested and what the result was. You can put together a quick and easy test matrix with a spreadsheet, naming your columns Date, Goal, Test Detail and Results. And remember, with any test, it’s important to change only one element at a time and keep everything else constant, so you don’t skew your results. Here’s a test matrix I used recently:


If you plan on running a CTA test, here are three simple variables to try:

1. Color

Blue or red? Green or yellow? Something else? I’ve used a variety of colors with emails campaigns we’ve created for our subscribers. Both red and blue have been effective in our campaigns. Pick colors that make the CTA the dominant element of the email, which will grab the reader’s attention. Text color is equally important — darker backgrounds require lighter text to make them stand out, and vice versa.

2. Text

Take a look at the content of your email. Is it a promotion? Lines such as BUY NOW or SAVE TODAY or even ADD TO CART encourage a customer to complete an order or take advantage of your offer. Is the email about educating your customer? Text such as LEARN MORE or READ MORE invites them to get information about your product in one easy click. Here are some text variations that we’ve tested:

3. Placement

Top or bottom? How many buttons should you put? Test, test and test again. Place a button at the bottom of one email, and place another button at the center of a different email. Remember your readers use a variety of devices to view your emails, so the seemingly obvious placement may not always be your winner. If you have two buttons in any given email, then try using color as your variable: one email with blue buttons, for instance, and one email with red buttons. Keep your test simple and, again, be sure to only test one variable each time. If you have too many variables in one test, then your results won’t be conclusive.

Set goals and ask yourself what you want to learn from conducting a CTA button test. Color can dominate an email, text makes an action clear and placement gives you a sense of where your customers’ eyes are. All the results you reap give you additional insights into your contact list and tell you how to ultimately encourage your customers to take action. Start testing today.

Join 140,000 small business owners

Get expert tips and email inspiration biweekly. Subscribe today and download our FREE Guide to Email List Management eBook.


© 2017, Reid Yoshimoto. All rights reserved.

The post Create CTAs readers can’t resist appeared first on Vertical Response Blog.

Vertical Response Blog

Kickstarter opens to crowdfunders in Japan

Kickstarter has opened its proverbial doors to creators in Japan.

Though people in Japan have always been able to back Kickstarter campaigns from around the world, those seeking to crowdfund their own projects have had to look elsewhere. Moving forward, the Kickstarter app is available in Japanese, with local customer support and project reviewers on hand.

Japan actually represents the third Asian market launch for Kickstarter after it landed in Singapore and Hong Kong last year. But with a population of around 130 million people, Japan is far and away the biggest of the company’s markets on what is the most populous continent on Earth.

So this is a notable launch from Kickstarter, which is now open to creators in 22 countries. The company is also adamant that it has enough brand recognition in the region to hit the ground running.

“Since our launch eight years ago, more than 300 creators in Japan have worked with collaborators in other countries to run Kickstarter projects, including a documentary about sake production, an action platformer from a legendary video game designer, and a toy robot that connects family members through voice messages,” noted Kickstarter’s director of international, Sean Leow, in a blog post. “In the same time frame, nearly 100,000 backers from Japan have supported Kickstarter projects from all of our creative categories and from all over the world.”

Founded out of New York in 2009, Kickstarter has emerged as the poster child for crowdfunding and has helped facilitate more than $ 3 billion in pledges, to date.

The Japan launch is the first new market since cofounder and CEO Yancey Strickler announced he was stepping down. The company has yet to appoint a successor.

Social – VentureBeat

Social Media Marketing News

A Quick-Start Guide to Video Content: Become Confident on Camera in 5 Steps

Videos are everywhere. They’re on your Facebook feed, your Instagram wall, and they also come up in search engine results. As a former TV journalist, I know that video is a powerful way to reach people — and being on camera regularly solidifies your connection with your audience. I had the pleasure (sarcasm intended) of
Read More…

The post A Quick-Start Guide to Video Content: Become Confident on Camera in 5 Steps appeared first on Copyblogger.


What You Need to Know About Visual Perception and Website Design

visual perception

There’s no lack of data to suggest how visual-oriented we are as humans. For instance, “90 percent of information transmitted to the brain is visual, and visuals are processed 60,000x faster in the brain than text.” Or this:  “65 percent of people are visual learners, and one of the best ways to drive messages home is through visual content.” This data helps explain why visual marketing has really exploded recently, and visual-centric content such as infographics are so popular. Seeing is one of our primary senses by which we intake information and understand the world. Basically, it’s a big deal….

The post What You Need to Know About Visual Perception and Website Design appeared first on The Daily Egg.

The Daily Egg

Why Are We So Afraid To Speak To Our Customers?

Often in business we get too bogged down by the numbers and forget the actual value of speaking with our customers and prospects. I’m not just talking about sending the quarterly customer satisfaction survey, I’m talking about undertaking full qualitative user testing and research to fully understand your customers. Since 2003, businesses and organizations have been able to gauge customer feedback by utilizing services such as Net Promoter Score (NPS) or online review sites such as Feefo and Trustpilot. In the case of NPS, after a transaction, the customer is presented with a form whereby they indicate their level of…

The post Why Are We So Afraid To Speak To Our Customers? appeared first on The Daily Egg.

The Daily Egg

3 Insights on the Impact and Future of Business, Marketing, and Sales Operations

Operations that you may never be aware of are occurring constantly across your organization through various processes and details. As a marketer, you’re likely most familiar with marketing operations, and hopefully, sales operations because of your partnership with sales, but then maybe less familiar with business operations. But when it comes down to it, operations and the people that power those functions are absolutely critical to the work you do and the smooth functioning of your business.

In a recent infographic, InsightSquared partnered with LinkedIn’s Content and Research teams to examine the basic characteristics of three critical operations roles—marketing operations, business operations, and sales operations. This blog will take a look at a few of the key findings and define some of the similarities and differences between the roles.

Operations 101

Marketing Operations

Regardless of whether you’re a marketer that leans more heavily on the art or the science of marketing, you need marketing operations (MOPS). A solid MOPS team is a critical resource to any marketing team and the broader organization. They operate at both a strategic and tactical level—working on key business initiatives down to day to day marketing activities. Some of their critical functions include managing the data and its flow in and out of your MarTech stack, acting as a liaison with other teams like sales, product, and engineering, and creating and enforcing guidelines for your marketing technology processes for team members.

Business Operations

Like marketing operations, business operations (BizOps) is critical to strategic and tactical functions of a business. There are tons of recurring activities that take place to help a business run efficiently and effectively and allow its leaders to make informed, thoughtful decisions spanning departments and processes. BizOps often sits at the center of those activities and helps by synthesizing data across the business into clear, and actionable insights. According to LinkedIn, this can mean coordinating complex sales and marketing strategies and evaluating the impact of those strategies on the bottom line. But, business operations do not stop there, as it often evaluates the success of programs against a long-term strategy, helps ensure transparency between departments, and report on top-line initiatives.

Sales Operations

Sales operations, like business operations and marketing operations, is a critical function to any business that sells something, especially if they have a sales team. Simply stated, sales and its processes are very measurable and tied directly to company revenue. With that in mind, and according to HBR, sales operations (SOPs) at most organizations is on deck to oversee sales performance—from territory alignment, customer profiling, to targeting activities, administer to the compensation plan and goal planning for the sales team, manage their CRM system and processes (and therefore work VERY closely with their MOPs counterparts), and provide data, analysis, modeling, and reporting for business review.

Key Findings

So, now with our understanding of how foundational our different operations groups are within our businesses, let’s take a look at some of the key findings of what it takes to be and hire operations professionals from InsightSquared and LinkedIn as they looked across thousands of data points.

Enterprises Invest More Heavily in Operations

There are more operations professionals at enterprise organizations, specifically very large enterprises than there are at their small to medium business counterparts. When I saw this stat, specifically the fact that the heaviest investment was in business operations versus marketing or sales, it made sense to me because larger organizations tend to have more disparate data and processes that need to be evaluated and understood in order to see the big picture. It was also interesting to look at the data and see that organizations in the 1001-5000 employee band seem to invest predominantly in sales operations while the next band, 5001-10,000 employees, invests more heavily in marketing operations. This may be indicative of the goals or challenges that organizations at these sizes face at this specific stages of growth.


There’s Not a Standard Certification

Now that you’re thoroughly convinced that operations are not only foundational to your success but probably a huge time-saver and resource you’re probably wondering, “How can I hire an A+ Operations person?”. Well, if you’re looking to hire an operations professional there are a variety of skills you can look for, but a standardized certification across business, marketing, and sales operations simply doesn’t exist. The data shows that while there are some certifications, a relatively low percentage of operations professionals get them and those that do seem to get them for their specific area of operations—for example, being a Marketo Certified Expert and working in Marketing Operations.

Industries are Investing in Operations at Different Rates 

Operations—business, marketing, and sales—seems like a fairly critical function for any business, but the data shows that some sectors are adopting and hiring operations professionals at faster rates than others, and it varies based on the type of operations professional you’re looking to add to your team. You’re probably not surprised to see Technology & Software sectors lead the charge on business operations and marketing operations, but you may have been surprised, like me, to see that they don’t when it comes to hiring sales operations professionals. In fact, Retail & Consumer Products leads the way for sales operations hiring. More interesting, the same industries don’t appear for each type of operations, indicating that they may have some ground to cover from both a data and insights and the people-hiring perspective if they want to achieve at their peak levels.

The last finding? There is a definite demand for operations professionals. With over 60,000 open roles on LinkedIn, it seems the time is ripe for someone looking to work in this field. And if you think about how much data marketers, sales teams and businesses sift through on a day to day basis, hiring people to help them digest, and interpret that data to make intelligent and informed decisions makes sense.

Interested in learning more about the data? Check out the full infographic here, or the original blog from its creators.

Did any of these results surprise you? Or, how do you see and understand the role of operations at your organization either similarly or differently? Share your thoughts in the comments below.


Marketing Nation Roadshow

The post 3 Insights on the Impact and Future of Business, Marketing, and Sales Operations appeared first on Marketo Marketing Blog – Best Practices and Thought Leadership.

Marketo Marketing Blog