I know a lot of people in the email marketing industry and at Email Service Providers. After this post I will probably have a few less friends but I guess I wasn’t born to be popular. Just like many of you, I have registered for several newsletters from MediaPost Publications. Every now and then I scan one like today’s Email Insider, featuring a post from StrongMail’s Ryan Deutsch.
The mail with the post called “Combating Pandora’s Inbox: Email Marketing After the Breach” caught my attention since it was obvious what it was going to be about: recent hacks and security breaches at some ESPs. So I was kind of curious what a distinguished blogger, working for an ESP that was not hacked, would say about that.
Ryan’s post basically is a “a wakeup call” for marketers to make sure that they protect their data properly instead of assuming that ESPs and other “third parties” have it all covered. “It’s a brand’s responsibility to take care that they don’t lose consumer trust by being vigilant”.
As Ryan writes: “companies affected by the security breach were quick to point the finger to a third party, but ultimately the responsibility lies with the brand. Consumers have a relationship with the brand, not the technology or the service providers the company sues”.
In other words: if shit hits the fan and consumer trust is damaged as a result, you should be aware that, unless you minimized all possible risks, “excuses matter very little” as Ryan puts it. Allow me to doubt that. But that’s not the topic of this post.
Many brands were hit by the latest security breach that happened at Epsilon, as Ryan mentions several times. One of those brands was McKinsey. They sent me a nice apology mail. I understood. Some probably didn’t. There is no such thing as a waterproof system that protects us against the malicious minds of others, not offline and certainly not online. But I guess that consumers must be too stupid to realize that, right?
Ryan mentions Epsilon a lot but he doesn’t attack them. He simply says that brands should be careful and assume responsibility. One of the ways to do so, Ryan writes, is to “ask for an audit from your IT department or from a third party if you currently outsource your email to an ESP”. If I didn’t know any better or was paranoid, I would see this as a hidden call-to-action, fortunately I’m not that stupid.
I know Ryan, just as I know the other EmailInsider bloggers: Kara, also from StrongMail, Chad from Responsys, Loren from Silverpop and many of the others.
They often post good nuggets of wisdom in a language they master much better than I do since it’s not my native.
Choose wise, think twice
Some things puzzle me however: why wasn’t Silverpop’s December hack mentioned?
And why does Ryan write “Before this month, hardly anyone knew who Epsilon was or how it worked with their favorite brands. That’s not the case anymore.”
Am I one of the few to know Epsilon? Is the McKinsey Quarterly the only newsletter powered by it? Apparently not since Ryan mentions Target and Citibank as well and I happen to know that Epsilon has a few more customers.
Ryan might be right that the Epsilon’s security breach (again, Loren’s Silverpop isn’t mentioned) has a devastating impact on email marketing in the consumer’s perception. Poor old email marketing, so often hit by social media gurus and dropping conversion rates and now this…
It’s your fault, brands. You should choose wiser. A respected blogger says so and the blog says he’s vice president of strategic services at StrongMail too. That must impress you.
My point? I read between the lines, I admit, sometimes wrongly. I like the people I know at StrongMail very much, I even did stuff with them. I also like some people I know at Epsilon. They don’t write on MediaPost though. I guess they have no nuggets of wisdom.
I might be wrong but this post, how innocent and relevant it may seem, leaves me with a sour taste in my mouth and makes me wonder about blogging ethics of all things. My rule of thumb has always been “never talk about competitors in sales, blogging or marketing, it’s unproductive and gives a bad impression”.
I’m not getting personal here but thinking out loud, believe it or not, on my small personal blog that is not MediaPost and hardly read.
So, am I wrong? Or paranoid after all? Or just European? That should be a valid excuse, no? Even if I have a security breach.
Good post JP!
Until it costs corporations dearly for breaches such as this, the situation will likely not improve by much. We all like to think we can self regulate, but the reality is that doesn’t happen very often in any industry.
Consumers either have to accept this kind of thing will happen and there is no such thing as personal data security online or they have to stomp their feet and pressure governments for strong legislation.
Corporate hive minds have a way of dousing initiatives which are well intentioned, but seen as a cost with no benefit to the bottom line.
I realize some will claim I’m being cynical, but on the contrary, I’m basing my opinion on corporate track records in this regard.
Regards,
jim
Pot:Kettle.
Sorry, but the blog post that you complain about was called “Combating Pandora’s Inbox: Email Marketing After the Breach”; yours is the one that mentions Epsilon in the title!
IMO some things are more important than marketing. My main concern is that Silverpop and Epsilon should explain exactly what went wrong, so the rest of us can protect against the right attack scenarios. Currently we all have opinions (mine is at the link) but only a few insiders know for sure:
http://blog.marketingxd.com/post/4305663645/phishing-and-email-preference-centers
Thanks for your comment, Pete. We’re in full migration from TypePad to WordPress now but I will surely reply. Scanned your post. Good one. Will explain why I write what I write: it’s not about the breaches as such. Your points on that matter are surely valid.