Shopping for a new ESP and comparing email marketing solutions? If so, you have much to consider and possibly much to wow you, as you dig deep into feature sets and automated email capabilities. It’s work to be sure, to compare these ESPs, but also exciting to think about the possibilities for your email marketing program!
However, there’s a dry, boring side to all of this that you must consider too. Yes, the brochures are beautiful and the features fabulous, but you’ll need to look into the security and compliance aspects of each email service provider as well.
No one really wants to talk about security issues or legal ones…well, except for the IT folks and legal department. But without these pieces in place, all the features sets in the world are for naught if data is comprised or compliance not met.
With the constant threat of identity theft—using information like that contained within your customer databases—as well as the risk to your sender reputation if your list is hacked or stolen, an ESP’s ability to keep your data safe is paramount. In addition, your compliance as an email marketer also critical to protect consumer information—and your organization.
Make sure your data stays secure
People are increasingly concerned about the security of their data, with good reason. As a result, they are less likely to use a third-party tool or hand over personal information. Therefore, security should extend beyond the platform to cover access to the network as well as local access from the platform facility. Also, public companies must comply with regulations such as Sarbanes-Oxley (SOX). If your organization also maintains healthcare related information or electronic transactions, the HIPAA Privacy Rule also applies. Before evaluating the security capabilities of any email service provider, be clear on the requirements of your organization and industry, in particular, the level of security wanted or mandated. Then do your email service provider comparison with these questions in hand:
- Is the email service provider SOX and HIPAA compliant, if applicable?
- Do they have network intrusion detection, such as firewalls, employee screening, monitored access, and/or security cameras?
- Does the ESP require background checks when hiring employees?
- Are they insured, licensed, and bonded?
- What types of audit trails are available?
- What types of security tools are in place at the email service provider?
- Do they provide monitoring and alerts?
- Has the company been through a Statement on Standards for Attestation Engagements (SSAE) No. 16 (formerly SAS 70) audit? If so, what were the results? If not, why not?
Stay on top of compliance issues
Your data is one of your company’s most valuable assets. If your organization requires you to manage customer data in a certain way, legal considerations matter. You will need to make sure your emails are CAN-SPAM compliant, but there are other regulations you might need to comply with as well, such as the Canadian anti-spam law (FISA), the California Online Privacy Protection Act (OPPA), and others. Talk with your legal department to make sure you know which regulations apply, then talk to the email service provider you’re considering to get answers to these questions:
- All top tier email service providers have requirements for emails sent out through their platforms. Will your emails meet those requirements?
- Will the email service provider help you determine what kind of content is legally acceptable in transactional emails?
- Is the ESP able to help you comply with the new, more stringent regulations, such as the Canadian anti-spam law?
- Is the ESP proactive in determining which new regulations apply? Are they taking action to be compliant and to be sure their customers are as well?
Both data security and legal compliance should be high priorities when doing an email service provider comparison. Using these questions listed above should help you make an informed decision. For more help with your email service provider comparison, use our free online ESP comparison tool or download our 2013 guide to choosing an ESP.