Data Security: How Pitney Bowes Protects Employees from Themselves

Pitney Bowes might be known as a marketer of business machines, but it has another business as well—as a repository of other people’s data.

Founded in 1920 as a manufacturer of postage meters, the Stamford, Conn.-based company now manages other organizations’ messages and mail. Government agencies, universities and companies like T-Mobile hire Pitney Bowes to print and track direct mail, calculate taxes on bills and handle other document-related chores. One service—the “automated document factory”—relies on a database of addresses to automatically match printed statements with printed envelopes for mailing. Getting the right statement into the right envelope so it’s mailed to the right person is critical.

Trevor Odell, the manager of data security, is in charge of protecting Pitney Bowes’ data and must truthfully answer “yes” when board members ask him if the company is compliant with the alphabet soup of regulations that govern its business. Because it handles health-care data, it’s subject to the Health Insurance Portability and Accountability Act; because of financial data, the Payment Card Industry Data Security Standard and the Gramm-Leach-Bliley Act; and so on.

And Odell has another worry: Pitney Bowes doesn’t want employees e-mailing, instant-messaging or transferring its intellectual property outside the company, even accidentally.

But when, a couple of years ago, the company set out to safeguard its critical business data, it found that employees were sending out personal information through the corporate network—a fact Pitney Bowes has learned to use to its advantage.

In 2005, Pitney Bowes bought software from Vontu to protect its data and monitor employees’ electronic communications. Vontu, a San Francisco-based company, makes data loss prevention software that watches communications on all network exit points.

One product, Vontu Monitor, comes with about 60 templates to help companies figure out which information to protect. It monitors both structured and unstructured data in a variety of ways—by exact matches, pattern matches, sender-receiver, network protocol and several others. A second product, Vontu Prevent, flags and can automatically block violations.
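The difference between exact matching and pattern matching on an outbound message can be sketched as follows. This is an added illustration, not part of the original article and not Vontu's implementation; the salt, account identifiers, sample message and function names are all constructed or hypothetical.

```python
import hashlib
import re

SALT = b"example-salt"  # assumption: placeholder, not a real deployment value

def fingerprint(value: str) -> str:
    """Normalize a field (lowercase, alphanumerics only) and hash it."""
    norm = re.sub(r"[^0-9a-z]", "", value.lower())
    return hashlib.sha256(SALT + norm.encode()).hexdigest()

# Exact matching: only hashes of known protected records are stored.
# Constructed account identifiers stand in for a customer database.
PROTECTED = {fingerprint(v) for v in ("ACCT-55512-9934", "ACCT-70031-2288")}

# Pattern matching: shapes of sensitive data the system has never seen.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
TOKEN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(message: str) -> list[tuple[str, str]]:
    """Return (rule, value) findings for one outbound message."""
    findings = []
    for tok in TOKEN_RE.findall(message):
        if fingerprint(tok) in PROTECTED:
            findings.append(("exact", tok))
    for m in SSN_RE.finditer(message):
        findings.append(("pattern:ssn", m.group()))
    for m in CARD_RE.finditer(message):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("pattern:card", digits))
    return findings

# Constructed sample message: one known record, one unknown SSN-shaped value,
# one Luhn-valid test card number and one 16-digit order number that is not a card.
SAMPLE = ("Attaching my mortgage application. SSN 219-09-9999, "
          "card 4111 1111 1111 1111. Ref order 1234 5678 9012 3456. "
          "Customer acct ACCT-55512-9934.")

if __name__ == "__main__":
    for rule, value in scan(SAMPLE):
        print(rule, value)
```

Exact matching flags only values already indexed, while pattern matching catches unseen personal data such as an employee's own tax or mortgage details, at the cost of needing a validation step like the Luhn check to suppress look-alikes.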

Pitney Bowes distributed and replicated the software in its U.S. offices. Odell won’t say how much the company paid for the deployment.

The company’s employees in Europe, however, are not monitored by Vontu, at least not yet. The software may violate the European Union’s privacy laws, so Pitney Bowes is negotiating with the E.U. for permission to use it. Until they reach agreement, Odell says, Pitney Bowes will take “a conservative approach” and keep the software in the U.S.

Most of Vontu’s customers, like Pitney Bowes, are Fortune 1000 companies in industries that deal in sensitive information—financial services, health care, insurance. And like Pitney Bowes, many of these companies are surprised to discover what’s happening to the information they’re monitoring, says Maureen Kelly, a product marketing director at Vontu.

Pitney Bowes employees were careful with corporate information, Odell discovered after Vontu’s software started running, but they were cavalier in how they handled information about themselves. The software showed that employees were e-mailing sensitive personal documents—applications for mortgages, personal tax returns during tax season—that could have exposed them to identity theft or worse.

“I don’t think people understand how valuable private data is,” Odell says.

So, Pitney Bowes is preparing online training for its employees on how to handle and protect their personal information, focusing on practices they can use at home.

Odell believes the training will benefit not just employees, but his employer as well. “Anytime you train somebody for whatever reason about personal information, it translates to their activities as an employee,” he says. “It’s in their mind to protect information.”

He figures hackers are not picky—whether data comes from companies or individuals, it’s still salable. And the software helps him feel more confident that information leaks aren’t damaging Pitney Bowes or its brand.