"To the direct customers of Epsilon - Walgreens, Air Miles, Lacoste and others - the questions are tougher. One: do you still trust the company to handle your email? Two: how will you regain the trust of your own customers?"
"Outsourcing and the cloud are buzzwords of the 2010s - their many evangelists will assure you that cloud-sourcing your high-volume internet services is certain to save you money, improve your up-time, and boost your security. After all, if you leave a job such as direct marketing (or email, or office automation, or authentication) entirely to the specialists, you're bound to have experts on the job who are at least as switched on about security as you are. Perhaps. But sometimes, keeping your own skills and abilities factored in to your organisation's security equation can pay off."
"Bear in mind that a growing number of experts, including MySQL and Sun, RSA, Comodo and Facebook, have recently shown that they don't know everything about security, after all. Maybe _they_ should be learning from _you_?"
"If you keep data about other people - even if it's just email addresses, you owe it to those people to protect their information Even if you're the sort of organisation which is willing to take risks with your own data - sales forecasts, trade secrets, and that sort of thing - you have a clear moral duty not to take risks with data you keep about other people."
Sign up for CIO Asia eNewsletters.