Lynda Partner’s Marketing Morceaux

When I was researching the pro’s and con’s of paper-based lead capture vs electronic lead capture, I was especially taken with the security risks associated with paper. While we’ve all been operating with paper forever, its only since identity theft and spam that data security has become a major issue.

I truly believe that it won’t be long until using paper to capture personal information will be forbidden, first by financial institutions, and later by all credible organizations. Here’s why…

In Dec 2008, paper forms belonging to an Oklahoma business that handles home loans were found strewn along a fence line not far from the company’s headquarters. These documents included some customers’ account numbers, bank and personal account holder info, wire transfer numbers and much more. Yes it was an accident, simple human error but it continues to cause huge PR problems for the company, and it is certain that the loss of customer confidence will have a financial impact for a long time to come.

It’s not a big stretch to imagine how paper lead forms used at events to capture consumer contact and other info might also be misplaced. Given the type of data most of us collect at events, the loss of the leads would be the least of your worries!

Consider for a moment how many different people handle your paper leads and how it’s impossible for you to know for sure that none of have gone missing. Replacing paper data capture with electronic data capture minimizes the probability that this could happen to you, effectively eliminating the hundreds or thousands of pieces of paper containing personal consumer information – papers that must be gathered up and transported to a data entry location.

But moving to capture data electronically is not the final answer.

Also in December 2008, Hewlett Packard reported that a laptop computer was stolen from an HP employee. It contained personal information about some of the company’s employees, including their names and social security numbers. The computer was protected with a username and password.

Not good enough! If you are using electronic devices to capture personal information about consumers make sure the vendor has secured the devices. They should at the very least encrypt all consumer data stored on the device so that even if the device is stolen, nobody will be able to “see” any personal information stored there.

Lastly, the data captured on those devices has to get from the devices to you, and it’s journey can be fraught with opportunities for data to go amiss. In the ideal world, nobody should be able to get the data off the units, it should only be sent (encrypted) over a network (wireless or wired) and the system should ensure that it can only be delivered to one destination.

You might think that once the data is off the devices and at your service provider that all is well, but the need for diligence continues. In September of 2008, mortgage firm Countrywide experienced a security breach. A former employee was arrested and charged with stealing sensitive personal information from Countrywide’s computer files and selling it to mortgage brokers to be used as sales leads. The FBI stated that as many as 2 million people may have been affected! Ensuring that your Data Capture vendor has rigorous system and process security measures in place is critical to your protection.

In summary, replacing paper data capture with electronic data capture can significantly minimize the risk of consumer information being lost or stolen but it is imperative that you pick the right data capture vendor to work with. The right vendor is someone who has a clearly articulated Data Security Plan that addresses physical, system and process security measures to protect your data, someone who has an audit process in place who can track each piece of data collected to prove that they all reached their intended destination, and someone who has a defined Information LifeCycle Management Plan to ensure that all your data is managed corrected and deleted when you want it to be.

Unfortunately horror stories of breaches are all too common, see www.nymity.com for just a few examples. Most companies take action far too late – better to act now to prevent a problem than to have to react if you vendor partner simply didn’t know how to protect a very important asset for you.