Endpoint police part 4: The crime fighter

This is the final installment of the four part series, exploring how corporate data and data protection is viewed and approached by various technical experts.

Following the police officer, forensic investigator and lead investigator, “The Crime Fighter” focuses on the CIO and Chief Marketing Officer’s (CMOs) role in data protection.

It’s recently been reported that company reputation is worth £1.7 trillion to the UK. As such, while it’s not in the remit of the CMO to protect corporate information itself, the recent spate of data breaches reported in the media should have driven awareness of the risks of poor data security at the top of their agenda. After all, CMOs are tasked with maintaining, and in some cases regaining, public trust in brands after a media fallout.

But just how can this senior executive, with no direct responsibility for data protection but a keen interest in preventing a breach from happening, play an active role in ensuring the risks of reputational damage are limited?

Make friends

The first thing the CMO, or proactive crime fighter, has to do is befriend the CIO. The importance of this friendship is increasing, and not because of reputation management when a breach occurs. Rather, when it comes to technology spending, Gartner predicts that the CMO will outspend the CIO by 2017.

CIOs (who for the reference of this series act like police commissioners, establishing departmental policies and procedures) will be able to help CMOs navigate data legislation and technical jargon. More importantly, the CIO can help the CMO develop and implement data protection policies that reduce risks of data breaches when new projects or campaigns launch.

The key to CMO-CIO collaboration is for both executives to understand the roles/responsibilities of the other. CIOs - especially those in the enterprise - work on projects that take many months to complete. They are focused on ensuring that the enterprise is protected and that projects are delivered on time and in budget. CMOs, on the other hand, are driven by innovation, and more often than not the ability to deliver the highest ROI in the shortest timeframe - leaving little time for the CIO to do his/her due diligence.

Build a lasting peace

With this in mind, it is imperative that both the CIO and CMO come to the table with an open mind. At the start of each project, these senior executives and their teams should sit down and discuss how best to proceed. The CMO should discuss his/her desired outcomes, and the CIO should work to ensure the best data protection policies are in place to minimise risk associated with marketing efforts.

It may seem like an unnatural balance at first. The crime fighter will always want to act and the police commissioner will always want to ensure that procedure and best practice is followed. Yet, there’s a peace to be made with one another. After all, as senior executives of the business, both the CIO and CMO have a duty of care to ensure that the business is protected from risk. The only way to minimise risk is for the crime fighter and police commissioner to work together and work as one unit.

Sharing the burden and the glory

Once the conversation is underway, regular communication is critical. The CMO needs to share with the CIO every detail of a relevant project as the marketing plan develops. The CMO should pay special attention to any elements of plans involving potentially sensitive information, and both parties should agree on an action and communications plan should an issue arise. Sensitive elements might include every day marketing tactics, such as:

  • Data capture on content downloads
  • Social media and other engagements where data is captured
  • Inbound enquiries, and any form of resulting data
  • Data capture and security elements on microsites
  • Websites, often owned by marketing, which are becoming revenue generating sources - capturing sensitive information from the customer

In turn, the CIO should update the CMO on changing data protection policies, such as the General Data Protection Regulation (GDPR). He/she will also be best placed to advise the CMO of any additional security measures that need to be taken for projects where customers are asked to share information. After all, it is often leaked customer data that lands brands in hot water - something both parties want to avoid.

At the same time, when both parties share the burden, they should also share the glory. The CIO and CMO should act as a team, and where possible work together to update the board on their progress, their plans and report jointly on ROI for projects.

Ultimately, CMOs and CIOs both have a vital role to play in the prevention and remediation of data breaches. The more time these two traditionally opposing parties spend together, the less risk to the brand. And, when data breaches do occur, they will be able to work together more efficiently to ensure the fallout stays minimal.

Ann Fellman, VP of Marketing at Code42