I attended – those were the days – a two-day seminar which was headlined as ways to avoid the habitual problems of SMEs. The various mistakes made by other companies were covered. It had particular relevance to email marketing as it focused on data security.
Let me put you out of your misery with regards to what I was referring to in the title, although it’s not particularly reassuring. It appears it is the person in charge who is the biggest danger; you in your case, me in mine. There was an upside. The course gave us methods of dealing with our own errors, which was basically to protect everything essential, and if we didn’t know if it’s essential, protect it.
For anyone in charge of an email marketing company, and in possession of the masses of personal data that goes with it, how data is secured is critical in limiting the possibilities of danger. There is help at hand. Privacy enhancing technologies (PETs) are ways of using systems to minimise the risk of a data breach. While they may seem a bit bewildering, some have been in existence for some time, and 
you are, hopefully, using a number already. We see it daily with, for instance, the redaction of credit card digits apart from the final four.
If you are using older encryption technologies to secure data in transit and when stored, maybe opting for a token vault, then you should be looking at PETs now. The technology is readily available, which to pick being the only consideration. Given there is nothing more likely to destroy your company and your trading base, not to mention the data on your email marketing list, than lack of security of your data, not to do so is nonsensical. Such a breach will harm all of us.
We are all aware there’s no encryption scheme which promises to be a complete defence against a motivated attack on our data. Data mining systems are sophisticated, forever probing for weaknesses in our procedures. We have to use more modern techniques in order to react quickly to threats as they are revealed. The ICO has a number of events and requests for feedback on the threat. It’s seeking views on anonymisation, pseudonymisation and privacy enhancing technologies. See: https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/ico-call-for-views-anonymisation-pseudonymisation-and-privacy-enhancing-technologies-guidance/
Be aware the reading matter, in 3 x pdfs, is some 18,000+ words long.
There’s little doubt that PETs are a vital next step but, according to the ICO, PETs adoption is low. Yet there’s little point in waiting for a breach before installing the best security systems available.
The cost to your own company, and to email marketing as a whole, of a data breach should ensure you take all necessary precautions to secure the information on your email marketing lists. If your systems were established some time ago, it is probable you are in danger of a breach. Failure to secure data undermines the confidence of your subscribers, and you could be heavily penalised.
You should check out PETs, and soon. Effective systems are the cheaper option.
