Many large companies and government organizations have made serious errors while handling and losing Personally Identifiable Information (PII) about their customers. Often times they were stupid mistakes that could have been prevented.

Warning Tape Do Not Cross


  • Financial: HSBC (370,000), Bank of New York Mellon (4.5 million), T.Rowe Price (35,000), GE Money (650,000), Citibank (“millions”)
  • Healthcare: Horizon Blue Cross Blue Shield of NJ (300,000), BlueCross BlueShield of Tennessee (1 million), Staten Island University Hospital (88,000), Fallon Community Health (29,000)
  • Government: State of New Jersey, British Ministry of Defense (600,000)
  • Education: Georgetown University (38,000)
  • Other: Virgin Media (411,000)

Careless Behavior Exposes Your Business To Serious Liability!

Even if you are a small business, you cannot under estimate how important it is to protect the data you collect on behalf of your customers.

Personally Identifiable Information (PII) includes: name, address, email, phone, social security number, employer number, spouse/child info, etc.

Avoid These Stupid Mistakes

No matter how convenient it may be:

  • Do not email spreadsheets and data files with consumer information to clients or vendors. Data should be encrypted with a strong password and uploaded to a secure, password-protected transfer site (FTP, DataExchange, etc.)
  • Don’t email data to yourself, especially to your personal accounts (i.e. Hotmail, Yahoo, AOL, Gmail, etc.).
  • Do not take data files home. (As in the Horizon Blue Cross Blue Shield of NJ fiasco.)
  • Do not leave customer data on a portable device that can easily be stolen.
  • Do not email login credentials to your clients/vendors/co-workers. It’s safer to email the URL and leave a voice message with the username/password.

Be A Responsible Marketer!

Whenever possible:

  • Challenge your clients when they want to collect more information than is necessary to fulfill a promotion. Example: Collecting a postal address or phone number is not necessary if the brand never intends to mail anything to the consumer or contact them by phone. ZIP Code alone is sufficient for geographic targeting.
  • Educate your clients when they ask you to do such things you know to be bad business practices. We see so much turnover on the client side; and I’ve spoken with many junior managers that don’t understand the issues and tend to be careless due to ignorance and lack of proper training.
  • Report your clients to their superior. You should never compromise best practices due to client pressure.
  • Learn about your clients privacy practices so you can work with them as an effective marketing partner, not a vendor.

Our larger clients tend to have Privacy Officers and procedural policies. But the reality is their line managers are under extreme pressure to get things done and will cut corners at times.

Please don’t be cavalier about it. A simple mistake can put a client relationship at risk and cause unrepairable harm to a brand’s reputation.

Have an opinion? Please add your comment to this article. Thanks.