John Wood of Telos Corporation provides an inside look into the Virginia Cyber Security Commission, established by Gov. Terry McAuliffe in 2014.


Shortly after taking office in 2014, Gov. Terry McAuliffe signed an Executive Order establishing the Virginia Cyber Security Commission “to bring public and private sector experts together to make recommendations on how to make Virginia the national leader in cyber security.”  It was my privilege to serve as a member of the Virginia Cyber Security Commission for the past two years, and I want to commend my fellow commissioners for their contributions, particularly Co-Chairs Richard Clarke and Secretary of Technology Karen Jackson, as well as our executive director, Rear Adm. Bob Day (Ret.).  With the Commission’s two-year authority ending this spring, it’s a good time to look back on what was accomplished and to see what’s next.

Being on the Commission was an eye-opener in many ways. The Commonwealth faces numerous and evolving challenges in the battle to secure state and local government networks, and to help protect the private sector and citizens of Virginia.  I was incredibly impressed with how open and honest our discussions were as we explored many complex issues.  This includes not only commissioners but the Governor’s appointees and other state employees who were party to our discussions – they were remarkably candid with us about the serious threats Virginia faces in cyber space and what actions are needed. We heard from and worked with representatives from state and federal law enforcement, the Virginia chief information officer, and other state government information security professionals. It was refreshing to hear such blunt assessments of our vulnerabilities – there was no “bureaucratic” caution, probably because the threat is so real and so immediate.

The Commission served to shine a bright light on the challenges facing Virginia. We made a number of recommendations that led to subsequent actions by the Governor and General Assembly, improving Virginia’s cyber security posture.  Moreover, our activities have better positioned Virginia’s cyber security sector to be a vibrant national leader. These results are consistent with the Governor’s desire to “grow this key industry, keep Virginia’s cyber assets safe and create new, good jobs here in the Commonwealth.” 

I urge everyone to read the report issued last summer by the Commission.  It notes some of the recommendations that were already accepted by the Governor and adopted by the General Assembly, such as new laws to help prosecute cyber crime and put in place other policies to better protect Virginians.  More importantly, the report raises a number of issues that require further work.  The effort must continue – there is much to be done, and Virginia’s public and private sectors must continuously work together to illuminate the changing threats we face and to swiftly take appropriate actions to address them.

It was gratifying to see how easy it is to get things done when people work together to find consensus.  The Commission explored problems and made recommendations, and the Governor and General Assembly took action.  That’s the way government is supposed to work.

At the same time, I saw how difficult it is to get things accomplished when competing agendas battle for the same limited pool of resources. That was my biggest disappointment.  In our report, we identified a real need for dedicated funding to promote collaborative cyber security research and development between the higher education community and private sector. That course was endorsed by the members of the General Assembly’s own Joint Commission on Technology & Science (JCOTS), which recommended $5 million to fund this effort. But this bi-partisan recommendation was set aside in Richmond, at least for now, because there were simply too many R&D agendas fighting for the same pool of money and attention.  I am hopeful the Governor and General Assembly will return to this because I firmly believe, as do many of my fellow Commissioners and the members of JCOTS, that collaborative R&D will be a key element in our drive to grow the industry and make Virginia THE leader in cyber security.

One final note: cyber security does not recognize man-made, political boundaries.  In that light, we in the technology sector should be looking at where other companies and other states are making investments (like in R&D), and see where we might do the same. Similarly, I hope the Commission’s work will set an example for other states, and help to chart a path for Gov. McAuliffe to pursue greater cooperation among the states.  I know he is interested in making intrastate and interstate cyber security a major focus during his upcoming term as chairman of the National Governors Association, and Virginia’s cyber security leaders in the private sector should support his efforts in any way we can.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s Blog, Business Development, Marketing & Sales Vice Chair Jenny Couch of member company Providge Consulting shares critical changes to the IT landscape that your healthcare organization needs to have on its radar.


These days, technology seems to advance too rapidly for most of us to keep up. It’s certainly moving too rapidly for organizations to keep up with every single one of the “hot” trends.

healthITIn the noisy field of today’s latest tech, it’s all too easy to get caught up in the buzzwords and lists of “This Year’s Hottest IT Trends”, and miss the truly critical changes to the IT landscape that your organization needs to have on its radar.

The healthcare industry is uniquely positioned to be impacted by a convergence of critical IT trends within the coming years. But with budgets decreasing, and resource pools shrinking, it’s more challenging than ever to prioritize IT needs within the healthcare space.

We’ve highlighted the top five technology trends healthcare organizations must have on their radar in 2016.

  1. Cloud computing. Whether it’s a pharmaceutical company needing to store large amounts of data from clinical trials, or a hospital with a newly implemented EHR system, healthcare organizations of all kinds are increasingly turning to cloud computing for a variety of uses. According to Healthcare Informatics, the global healthcare cloud computing market is expected to reach $9.5 billion by 2020. And 83 percent of healthcare organizations are already leveraging the cloud. Only 6 percent of organizations have no plans to take advantage of the cloud in the coming years. If you’re in that 6 percent, it’s time to reconsider your plans. Cloud computing can be used to decrease costs, improve access, and create a better user experience for any healthcare organization. But, it’s critical that your organization take a strategic approach to moving to the cloud. Learn more about how you can leverage the cloud to best support your organization here. 
  2. The Internet of Things. Take a look at that FitBit on your wrist. Think about the incredible amount of data that one tiny device is generating constantly. The number of steps you take, the calories you burn, your sleep pattern, the stairs you climbed. These devices get more accurate and more intricate with every passing day. We are not far off from a future when we’ll be able to monitor nearly every aspect of our health, and the health of our loved ones without setting foot in a doctor’s office. Healthcare organizations will have to find a way to address what will be tectonic shift in how care is delivered. Communication methods will need to be established to collect the data generated by wearable and mobile devices. Methods for collecting and analyzing the influx of data will need to be developed so patterns can be identified. The manner in which treatment is delivered will have to change as we move away from the traditional doctor’s office visits, and into a world where a diagnosis can be made through analyzing the information generated through a patient’s mobile device, car, appliances, wearables, etc. And while this future may not quite be a reality, it’s coming soon, and healthcare organizations need to start preparing today.
  3. Data Explosion. Big data. Data analytics. Whatever term you use, the unparalleled rise in the amount and accessibility of data over the past few years is certain to have a massive impact on the healthcare industry. The explosion in big data occurred so quickly that 41 percent of healthcare executives say their data volume has increased by 50 percent or more from just one year ago. 50 percent in just one year. This incredible increase in data will allow medical professionals to more quickly and more accurately diagnose patients, but as with the Internet of Things, it will require fundamental shifts in how data is managed and how care is administrated. Healthcare organizations will need to train, or hire a workforce with the right data analysis  and medical skill sets. Regulations, processes, and platforms will need to be developed or implemented. Healthcare organizations who ignore this trend do so at their own peril. For as Accenture notes in a report released earlier this year for those who take advantage of the wealth of opportunity within big data, “Greater operational excellence and improved clinical outcomes await those who grasp the upside potential.”
  4. Efficiency in IT. If you haven’t heard the phrase “Doing more with less”  in the past few months, it’s probably time to climb out from under that rock you’ve been living under. With healthcare spending wildly out of control in the United States, every healthcare organization from physician’s offices to the largest hospital chains are being asked to do more with less. IT is a particularly ripe area for cutting costs, and resources. In 2016, the emphasis on doing more with less in IT will continue. Expect to see IT departments pursue options such as moving to the cloud, outsourced managed services, and bring your own device to help decrease IT operating costs.
  5. Cybersecurity. In 2014, 42 percent of all serious data breaches occurred at healthcare organizations. Sadly, this trend is certain to continue its upward trajectory in the coming years. Healthcare organizations who have not adequately upgraded their systems, and developed a thorough cybersecurity strategy are especially vulnerable to attack. Now is time to evaluate your systems, processes, and resourcing. Make sure your organization is positioned to proactively protect against attacks where possible, and identify and respond rapidly to breaches when they do occur.

Planning your 2016 health IT projects and priorities? Looking for a partner that will truly understand the challenges you are facing and the need to ensure success? Get in touch with us today. Our experienced health IT experts know the obstacles you face, and are ready to partner with you to deliver your projects on time, and on budget in 2016 and beyond.


Jenny Couch

This post was written by Jenny Couch. Couch is a project management consultant, and Providge’s Business Development Manager. She loves efficiency, to-do lists, and delivering projects on-time and on-budget.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, Kathy Stershic of member company Dialog Communications shares her final thoughts of her Brand Reputation in the Era of Data series.


Over the past few weeks, I’ve outlined 8 Principles that will help marketers protect and strengthen their brands in an era of radical change, where there is great temptation (and quite likely management pressure) to push boundaries further than ever before. Throughout this time and many preceding months, I’ve had countless conversations with people about the state of their data as well as the modern conveniences upon which they’ve come to rely. I’ve heard a Big Data expert actively advocating for stretching the law (or hinting at crossing the line) for the sake of competitive advantage. I’m sure he is not alone in that opinion. We are, all of us, currently in the Wild West.

While technology is accelerating what’s possible, the ideas outlined in the 8 Principles come back to common fundamental and timeless human needs that will outlast every wave of technology: People protecting what’s theirs, seeking respect and dignity, wanting control of their lives, enjoying freedom and avoiding harm. The brands they will choose for anything more than a one-time experience will be those who understand those concerns, and actively work to enable them.

There is more to brand reputation than being the app of the moment. Not every new thing will be transformational. But businesses who innovate as well as who truly respect their customers and actively work to earn trust stand a far greater chance of longevity than those who rely on buzz about the shiny new object, or who exploit to maximum advantage thinking the ‘sheeple’ won’t notice. It will take work. It will take awareness. It will take intention. It will take courage. And it will take leadership.

Eventually today’s Wild West will give way to a more mature market dynamic. Embracing these 8 Principles may help ensure your company is there when that time comes – or even leading the way.

Brand Reputation in the Era of Data – Principle 1: Empower Customer Control
Brand Reputation in the Era of Data – Principle 2: Be Clear and Accountable
Brand Reputation in the Era of Data – Principle 3: Do Everything You Can to Protect Customer Data
Brand Reputation in the Era of Data – Principle 4: Mind Your Partners!
Brand Reputation in the Era of Data – Principle 5: Practice Customer Empathy
Brand Reputation in the Era of Data – Principle 6: Comply with All Applicable Laws and Regulations. Then Exceed Them.
Brand Reputation in the Era of Data – Principle 7: Apply Technology Thoughtfully
Brand Reputation in the Era of Data – Principle 8: Actively Demonstrate Respect for Your Customers

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, Kathy Stershic of member company Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle eight: actively demonstrating respect for your customers.


The final of these 8 Principles clarifies a concept implied across the other seven. To become and remain a successful brand, businesses must actively demonstrate customer respect. Just saying ‘We respect our customers!’ is not enough. Prove it.

This can take many forms, from being transparent and honest about data collection and sharing practices to moderating your outreach below the annoyance level to integrating this attitude into your culture and policies – and many other opportunities mentioned through these posts.

Disrespectful practices were often brought up in the comments I’ve gotten. One respondent noted that “I want to feel like a vendor respects my data as much as I do.” People do not like bait-and-switch, confusing changes to privacy policies or anything that feels sneaky. They don’t like the burden of responsibility to stop something, like too much email or too many pop-ups. When everyone is tired or busy from their own lives, wearing people down or hoping they won’t notice might produce a short term win, but not long-term loyalty.

Having a straightforward dialog with your customers – even the ones who are unhappy with you – is another way to show respect. Everyone messes up – own it! Apologize, make it right and move on. If it wasn’t your fault, but there’s a small cost to making someone feel respected anyway – do it! Nordstrom figured this out a long time ago.

Nothing about customers wanting to feel respected and treated fairly is new. What is new is the exponential increase in vendor relationships enabled through technology. With the tremendous choice the modern customer enjoys, utility, benefit, quality and value are now table stakes. A differentiated and trusted experience, that includes feeling respected, is what will stand out. Someone’s choice of your product or service is a privilege. One of the best quotes from the respondent feedback sums it up: “Respect the customer and the customer will respect you.”

Brand Reputation in the Era of Data: 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships
Brand Reputation in the Era of Data – Principle 1: Empower Customer Control
Brand Reputation in the Era of Data – Principle 2: Be Clear and Accountable
Brand Reputation in the Era of Data – Principle 3: Do Everything You Can to Protect Customer Data
Brand Reputation in the Era of Data – Principle 4: Mind Your Partners!
Brand Reputation in the Era of Data – Principle 5: Practice Customer Empathy
Brand Reputation in the Era of Data – Principle 6: Comply with All Applicable Laws and Regulations. Then Exceed Them.
Brand Reputation in the Era of Data – Principle 7: Apply Technology Thoughtfully

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle seven: applying technology thoughtfully while preserving customer data. 


Recently, Chapman University published the results of its survey America’s Top Fears 2015. Respondents were asked their fear level about different factors ranging from crime to disasters to their personal futures. FIVE OF THE TOP TEN THINGS PEOPLE FEAR ARE RELATED TO MIS-USE OF THEIR DATA! That includes cyber-terrorism, corporate tracking of personal information, government tracking of personal information, identity theft and credit card fraud. That’s out of 88 possible things to be afraid of!

There is a tidal wave of automation being applied to data collection and usage practices. I suggest that just because you can do something doesn’t always mean you should. We are approaching a tipping point around the creep factor of having everything that one does be tracked. People are tired of constant advertisements, witnessed by the increased adoption of ad blocking technology, and especially Apple’s recent iOS 9’s robust blocking capability for Safari – which has been heralded as the potential death of online advertising. As ads are blocked, marketers need to find other ways to get their message through, such as direct contact with mobile devices. That will require permission from each user. And that means you have to be delivering a lot of value while also showing some restraint in the level and frequency of contact.

Another interesting wrinkle is the October 6 ruling by the EU Court of Justice that struck down what is called Safe Harbor, a policy that allowed self-certification by U.S. companies to say their data protection standards were sufficient for EU citizens, who are protected by strict privacy law. Israel followed suit on Oct. 20. What happens next is yet to be determined, but everyone is scrambling to figure out how to protect their international business by the end of January grace period.

When practices get abused, people fight back or tune out. It’s human nature. In e-chatting during a webinar this week with its moderator Chris Surdak, a big data expert, (who I thought discussed unbridled capitalism more extremely than anyone I have ever heard), he noted regarding privacy that “The backlash will be epic, if we ever get there.” Hmmm. A thoughtful approach to what you collect, how you collect and use it, how long you keep what you collect, with whom you share it and what they do with it will better serve and protect your business and your brand through changes in customer sentiment and the regulatory environment.

Brand Reputation in the Era of Data: 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships
Brand Reputation in the Era of Data – Principle 1: Empower Customer Control
Brand Reputation in the Era of Data – Principle 2: Be Clear and Accountable
Brand Reputation in the Era of Data – Principle 3: Do Everything You Can to Protect Customer Data
Brand Reputation in the Era of Data – Principle 4: Mind Your Partners!
Brand Reputation in the Era of Data – Principle 5: Practice Customer Empathy
Brand Reputation in the Era of Data – Principle 6: Comply with All Applicable Laws and Regulations. Then Exceed Them.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle six: comply with all applicable laws and regulations - then exceed them. 


There are a LOT of laws and regulations out there that govern data handling and privacy. They vary according to where you conduct business. The European Union has the strictest set of laws that are built on the principle of human rights. The United States has what’s called a sectoral approach, that is different laws are set for different sectors – like HIPAA for healthcare, Gramm Leach Bliley for Finance, the Cable TV Privacy Act, the Electronic Communications Privacy Act and on. In the US, 47 of 50 states also currently have data breach notification laws, all of them slightly different. Asian countries adopt data protection laws and sectoral laws. Many Latin American countries have constitutional guarantees, data protection laws, and sectoral laws. Yikes! It’s a lot to comply with – and just to keep things fun, laws and regulations are changing and updating all the time.

Realistically, marketers are not going to know every legal requirement that impacts their organization. But you should at least be aware of the basic principles of what’s allowed in the places you do business, then coordinate with Legal (I know, I know!) on how to stay out of trouble. This discovery can also happen through a process called a Privacy Impact Assessment, mentioned in my previous post.

Observing laws and regulations must be standard operating procedure. But just being compliant really isn’t enough to enhance your position in a fickle and frenetic market. Think about it this way – do you want your child to just stay out of trouble at school, or be a leader in the classroom? Where’s the attention going to go? You sure don’t want to stand out in a bad way – like being one of the 256 app providers who violated the privacy terms they contracted with Apple.

Going beyond the legal minimum and making extra effort will help your business differentiate as a trusted source. Simplified privacy policy language will help. Minimizing data collection and retention (yes, you CAN get rid of stuff!) will help. So will being transparent at all times about your practices and behaviors. Use creative ways to tell the story to your customers and stakeholders – through vignettes, through messaging, through customer service scripts – put it out there. Earning trust marks like TRUSTe really sends the message that you take data stewardship seriously.

Your customers expect you to comply with the law. They want to feel like you care and are proactive about protecting their data. I firmly believe that the great majority of people want to do the right thing; it comes back to mindfulness and balance between enthusiastic pursuit of business objectives and a bit of thoughtful restraint.

Brand Reputation in the Era of Data: 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships
Brand Reputation in the Era of Data – Principle 1: Empower Customer Control
Brand Reputation in the Era of Data – Principle 2: Be Clear and Accountable
Brand Reputation in the Era of Data – Principle 3: Do Everything You Can to Protect Customer Data
Brand Reputation in the Era of Data – Principle 4: Mind Your Partners!
Brand Reputation in the Era of Data – Principle 5: Practice Customer Empathy

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle five: developing an empathic organizational culture that understands, internalizes and practices customer-sensitive behaviors.


Hand in hand with getting your own house in order to secure customer data is developing an empathic organizational culture that understands, internalizes and practices customer-sensitive behaviors. This can be reflected in the marketing practices you adopt, the way customer data is collected and handled, and the attitude and values that are expressed and embodied from leadership through the ranks.

Several respondents in our qualitative feedback study emphasized that organizations’ observing privacy policies internally was very important to them. While most every organization has an external privacy notice (understandable or not), many companies lack a robust internal privacy policy, data management policies, or even clarity of their privacy mission and position. It is important to thoughtfully define these, then train your people, in a resonant and memorable way about these corporate values and an employee’s role in them. Reinforce the training with an ongoing internal awareness campaign. Help your team remember that behind every purchase, tweet, post, click and share is a human being and all that entails. Anyone who has something or someone to protect can understand that.

This is a foundational aspect of your organization’s personality and reputation – how do you want to be seen and regarded? Are you the respectful company? The service-oriented company? One who customers see as sneaky or arrogant? One who is so consumed with innovation and speed that they forget there are real people who will be served or potentially harmed by your invention?

Consider incenting or requiring those who work with other’s personally identifiable information, whether it belongs to customers, employees, partners, students or anyone else, to get certifications. This can help them more deeply understand the implications of what they’re working with. A colleague of mine likened this to how massage therapists are trained to respect the bodies of their customers, with their reputation and careers dependent upon following those protocols.

A best practice is to conduct what’s called a Privacy Impact Assessment (PIA) to evaluate risk in both existing and intended practices and services. There are online resources to offer you guidance (shameless commerce warning: Dialog can help with these); you will need some understanding of the legal and regulatory environment in which you operate. Then, when you objectively understand the level of risk, you can consider adjustments to your practices or plans if necessary. Those who may decline to participate should be made fully accountable for any consequences – financial or otherwise.

Acculturating a sense of responsibility and empathy, with policies to back that up, will go a long way toward solidifying your organization’s reputation as a trusted vendor. And that translates to the bottom line.
Brand Reputation in the Era of Data: 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships
Brand Reputation in the Era of Data – Principle 1: Empower Customer Control
Brand Reputation in the Era of Data – Principle 2: Be Clear and Accountable
Brand Reputation in the Era of Data – Principle 3: Do Everything You Can to Protect Customer Data
Brand Reputation in the Era of Data – Principle 4: Mind Your Partners!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle four: protecting data when it is passed on to others in your value chain.


Here is the Fourth of 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships, based on Dialog’s recent research.

While the last post discussed getting your own house in order around protecting customer data, equally important is protection of that data when it is passed on to others in your value chain.

Consumers regularly agree to share data with a particular organization for immediately known purposes – a purchase transaction, registering for a site or service, downloading an app. There is an abstract understanding that their data is shared. But the specifics of with whom, how and for what are vague to all but the most attentive, usually those who work in a marketing capacity. I recently heard a statistic that a data broker will have about 1500 pieces of information on an average individual! I didn’t know there could be 1500 things about me to be tracked. Who knew I was so interesting?

This vague concept of ‘they have all of my data’ is unsettling, leaving people feeling powerless and hoping that nothing harmful will befall as a result. It is perhaps the greatest area of concern for our study respondents. Legal requirements are normally that the data owner has bottom line responsibility (read that the one who could be sued in a breach), so it behooves you as a data collector to integrate strict data management terms into your third party contracts.

But beyond that, it’s how the data is used and monetized – and we all know this is the holy grail of marketing – that respondents find troubling. One respondent noted that “3rd party access to my search history is completely inappropriate.” Another noted that “if you got my data from somewhere else, tell me where you got it from.” Some of the other concerns expressed included not allowing an individual’s identity or data given for one perceived purpose to be used by entities that have control over other parts of their lives – insurance, credit, employers, housing, civil litigation, healthcare providers, surveillance or profiling, divorce court, political parties, or the news media, except as allowed by law. Data collectors should therefore carefully consider legal requests vs. legal requirements.

One suggestion was to have and observe universal standards on collection and distribution of sensitive and potentially harmful medical and financial information. There are already laws about these domains, but data analytics can get pretty accurate at some of these situations using other non-regulated data.

But some respondents also took a Buyer Beware stance, saying that data voluntarily given and captured through public means is there for the taker, and consumers can always choose not to participate in a transaction. Better to educate people about what is being harvested about them and how it is used. Perhaps improving privacy policies would be a good start. But it can be challenging to get that message across when data is handed off to anonymous 3rd parties whose very existence or purposes are unknown to average people.

With the Internet of Things, this situation will grow exponentially, creating further issues of securing data at the points of collection, transfer and curation x 1000 – and the implications for Big Data crunching that will come from it. Bottom line – mind your partners. Privacy protections need to be contractually obligated with third parties, but prudence dictates you avoid sharing with those who perpetrate the creep factor, especially when contributions can be traced back to you.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle three: protect your customer data.


Here is the third of 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships, based on Dialog’s recent research.

There are few hotter topics these days than cybersecurity. Sadly, the state of affairs will probably not significantly improve in the foreseeable future. Estimates are that two new malwares proliferate every second. Even the best intrusion protection software cannot keep up with that. The reality is that no organizations are infallible, and despite your best efforts, you can and probably will get hacked.

Still, organizations must proactively do everything they possibly can to protect customer data. With new breaches in the news (and notifications in our mailboxes) so frequently, people are rightly very concerned about the security of their data. Organizations who are thought to not have taken adequate security measures become the target of lawsuits. For example, Anthem is facing multiple suits after admitting a massive breach last February.

While setting up digital protections is the realm of IT, there are many other sources of risk to customer data – such as employee negligence, being careless with physical documents, not securing file cabinets, not destroying data that is no longer needed, leaving unsecured computers accessible, malicious insiders and just plain old mistakes. An organizational culture of mindfulness about practices that may seem innocuous can go a long way toward keeping data secure. It’s everyone’s responsibility.

Our study respondents had many other data protection concerns as well: Hide my identity; don’t track (or reveal) my location – this is a particular concern for women who may face stalking threats; don’t use facial recognition to identify me in crowd scenes; don’t harm me or enable harm to me by sharing my data with others who discriminate or apply bias; don’t track health-related data and search queries; don’t share sensitive medical and financial information. Unfortunately technologies are rapidly proliferating to do all of these things, and faster.

Just one example – at a conference last week, I heard the Chief Privacy Officer for Acxiom say that their data analytics capabilities are advanced to where they can identify by name a large percentage of the U.S. male population who were likely to have a certain health condition that, let’s say, most would not want revealed. She had to call foul and was able to stop the general availability of these lists for purchase.

Clearly there are many facets to data concerns and data protection. Get your own house in order. Ingrain this into the culture. And be as transparent and reassuring as you can with your customers about how seriously your organization takes this. But then there’s beyond your organization, which will be addressed in my next post.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle two: be clear and accountable.


Here is the second of 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships, based on Dialog’s recent research.

For starters, how many times have you actually read the whole privacy notice of a vendor, financial institution, or app you put on a mobile device? Ever? The reality is that almost no one reads them. They’re generally long, filled with legal jargon, and published in tiny, hard to read font. They all vary according to applicable law. They can be hard to find on web sites. The ‘opt out’ link is even harder to find.

Not reading them is no excuse for consumers who willingly enter a business relationship to claim ignorance or victimhood – or is it? When you accept a service, you are bound by the terms. But it is widely understood that privacy notices are very challenging for average people. There is a legal concept of responsible use of personal data that at least one legal expert I’ve heard speak says the U.S. Congress knows is going to need to be legislated. But who knows when that will be?

It is safe to say that for now that privacy notices are generally not working as they should. One respondent in Dialog’s recent study (a polished professional in a responsible job) reacted passionately with ‘privacy policies stink!’ as his gut opinion on this issue. So how can they be made better? And why should marketers even care?

The privacy notice presented to your customers is a legal covenant made with them. It establishes a bond that is integral to your brand reputation. But that doesn’t mean it has to read like a dry legal brief. Done right, it should reflect your organization’s values, its attitude toward customers and its interest in helping them understand terms of the business relationship – simply, clearly and transparently.

While privacy notices (also called statements and policies) must be developed and approved by those with legal and privacy expertise, Marketing has the communication expertise to simplify the language, put a customer advocate hat on, and collaborate with the legal team to make this customer-facing document as clear and friendly as it can be. Put it in words that read like how people talk. Make the mutual responsibilities clear and transparent. Spell out ‘what this means for us’, ‘what this means for you’, and what actionable options people have to empower control.

Make the notice readily accessible. Some of Dialog’s study respondents even suggested reminding them of the covenant every time they interact with a site or an app. Right up front. Plainly. And if a policy changes, what has changed should be immediately pointed out, allowing customers to opt out of the new terms on the spot. (By the way, changes should never be made retroactive, but that’s for another discussion).

Then consumers – read them! As a few of Dialog’s respondents willingly owned, users have responsibility in this game. You get something for what you give up – money or information. But it’s a choice. You can always choose not to use an app or a service. Last year, when Facebook spun off Messenger, I went to add it on my smartphone to see a pending message. But then I read the notice of what I would be agreeing to in doing so – giving Facebook access to all of my non-Messenger text messages! (Why do they need that? How many of you saw that?) Messenger did not get added to my phone, and I still manage to communicate with my loved ones anyway.

Beyond your external notice, make sure you have clear internal privacy policies. Then make sure everyone in your business is trained on them. Remind employees often to act with responsibility and accountability. And apply those policies consistently. Breaking the established customer bond is a quick way to kill trust and damage your brand. Clarity and accountability will strengthen it.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS