There is little a company fears more than a data breach. It must be painful to tell customers that their personal credit information has been compromised. But numerous companies have had to do just that, recently including Target and Anthem Blue Cross Blue Shield.
How, exactly, do you make that right? By being transparent, accountable, apologetic and proactive.
Anthem, during a breach earlier this year, gets fairly high marks for communicating quickly. Regulations allow up to 60 days for a company to report such a breach to customers, but Anthem announced within a few days. Target… not so much. Target took weeks to send notices to customers, losing valuable ground to build customer trust.
The benefit of acting quickly is that it signals you are taking charge of the situation. Ultimately, that’s what the customer wants. In this age of almost daily breaches, customers understand that every company is vulnerable. What they don’t understand and will never understand is not being informed of the situation. That is appearing to not take charge.
One danger of announcing quickly is not having all of the facts. This can create a dilemma. Should a company announce without all the details, risking errors in the process? It is my belief that the head-on approach wins. The story is coming out anyway. It is best if it comes from the company first, with this caveat included: “As we learn more, we’ll provide additional information.”
In both the Target and Anthem cases, the most important aspects of managing communication around the crises were:
Getting the story out quickly to customers (so they can proactively monitor their credit card statements).
Taking responsibility for the incident. A recent Wall Street Journal article noted Anthem’s CEO: “… apologizes and brilliantly shows empathy with his customers and employees by referencing the fact that his personal data was stolen as well.”
Telling customers specifically what to do, how to do it, and what the company is doing to better protect them in the future.
4. Frequent communication with stakeholders.
To this point, Anthem got high marks for getting information on its website quickly – and for keeping the message simple and easy to understand.
A data breach is never, ever good for a company, but incorporating these steps into a crisis plan can help manage one.