Jan 15, 2021
Day 46 —Marketing System Cleanup
Removing Personal Information from our marketing platforms
Today I bit off a big chunk of our remaining data risk: removing personal information from systems that shouldn’t be storing sensitive data.
Specifically from our main marketing platforms:
- Hubspot
- Typeform
- Mailchimp
The theme of this week continues to be a lot of tedious, rote work — but I’m grateful to be cleaning up things now versus letting them pile up.
Hubspot
Removed contacts, companies, notes, and pipelines.
Why?
- Hubspot is not HIPAA Compliant (i.e., they won’t sign a BAA).
- It’s also really expensive — I pay $50 now and the price goes up to $250 as of March
For now, I transferred everything to a spreadsheet — eventually I’ll look at Salesforce but frankly I just can’t afford it and it has fairly limited value at this point.
Typeform
I was really surprised to find out Typeform doesn’t have SOC2 compliance, especially after ALSO learning they had a data breach a couple years ago. While I really enjoy the tool, I simply do not want to take the risk with user’s data. So I decided to remove all surveys that reference PII. I’ll continue using it on a limited basis, but only for prototypes that don’t collect any identifiable information from people.
For example, here’s one of the early content prototypes I tested:
Mailchimp
Similar to Hubspot, Mailchimp does not have an option to sign a BAA and therefore is not HIPAA Compliant. I spent some time removing all references to PHI that I had been managing as tags and switched form collection fields from my website to be more generic.
Now What?
I’m going to wait a few weeks to fully delete Hubspot to make sure I have everything I need.
Almost there!
