The specter of privacy legislation looms over our industry (and others). For a while now, we have anticipated it with a sense of dread otherwise reserved for the four horsemen of the apocalypse, under the assumption that any regulation attempted by Congress will likely be more harmful than helpful.

That may be inaccurate – industry groups are bringing together insights into customer behavior alongside the latest in data protection protocols to help guide any legislation down a path that should help rather than harm. In the meantime, here are four things that we can do now:

  1. Nail down the basics. It’s a boring and thankless task, but you should be paying more attention to basic security. Make sure you change your passwords regularly. Make sure every individual has their own access – stop sharing passwords and logins. More importantly, when people move on and no longer need access, remove it. Ask your ESP if they have a CSO. Find out if your company does, and enlist their support. Yup, boring. But it could save you from a lot of trouble.
  2. Test “relevance” marketing programs. Triggered or automated programs offer quantifiable wins – which means you should be able to put together a business case to get these built. Start with these, and then use the results to build the case for testing propensity models with your larger program. Your goal is to give reasons for your email subscribers to not only share their information, but to also suggest to their friends that you are trustworthy and worth sharing with.
  3. Build disaster recovery plans. One thing we can say about the recent ESP break-ins is that they showed how ill-prepared some companies are to deal with this kind of news. Consumers were still receiving emails about the break-ins 5 days later. The goal should be to inform people as quickly as possible – preferably within 24 hours. Building a plan in advance, even one as simple as a flow chart to show which decisions get made and when, can speed the process and help those involved understand the level of urgency for communications.
  4. Create a privacy task force. No, you don’t expect to get much done now with this group. But by assembling the stakeholders in your organization, you set yourself up as an owner of this issue, and therefore of the eventual solutions. You can also start pulling together a game plan, so that it will be more easily executed later – again, with all stakeholders on board.

And here are two things to put on the priority list for later. Unless you’re in a highly regulated industry, it’s likely you won’t get your company motivated to think about these now. But planning ahead could turn into a level of control over the eventual changes that privacy legislation will bring.

  1. Create (or revise) your preference & privacy center. These should merge eventually – and will cover more channels than email. Start writing down some ideas for what information you’ll need to give customers control over, and how you will want to present those choices.
  2. Simplify your privacy language. Making privacy policies more easily understood will help with trust later. If you can’t cut the legalese, see if you can add a sidebar with colloquial English summaries of each paragraph or section.

These aren’t the most exciting things happening in email marketing, but they are the basic requirements for managing an email program today. Dedicate some time for management so that you keep control – otherwise, as privacy legislation gets closer, you may find your programs being managed by others.

Originally posted on’s Email Insider blog.