We have all received those annoying call-center calls – you can tell from the echoing sound, the pause before pick-up and the goofy-sounding person reading from a script. When there is a data security breach at a bank or store, yes, they do have to move fast, but there should be care in crafting this type of message to the masses! Suggestions include:
- Avoid confusion: have a clear message of the problem, how it affects the customer and where to go for more information.
- The speaker should be a person who CARES about the problem, and better if it is someone who is actually able to do something – a CEO perhaps.
- If data has been stolen, define WHAT DATA, and offer help in restoring the person back to a “regular” status.
Some excerpts from the article written by Penny Crossman, “How Not To Handle a Data Breach” in American Banker:
“Best-in-class organizations have done a couple of things ahead of time: they’ve engaged people throughout the organization who will need to play a role in the event a breach occurs,” he said.
And this doesn’t just mean the IT staff.
“Of course the tech team has to be involved, but wise organizations will also have CEOs and other C-level managers engaged, product managers engaged such as the person in charge of credit cards,” Smocer said. Online banking, mobile banking and call center managers need to be involved, as do marketing and public relations people and third parties, such as a credit monitoring provider that might need to provide a year of free monitoring for victims.
“You need to think about who’s going to speak with your constituencies, law enforcement, customers, the media,” Smocer said. “You almost have to lay out a plan that covers reasonable scenarios: what happens if we’re breached and private customer information is stolen, if intellectual property is stolen, if the third party we work with is breached and our customers’ information is affected. You need to assemble the team, run through some scenarios you can reasonably expect.”
There are also positive industry role models for dealing with a data breach.
In the wake of the Target breach, one credit union’s CEO called customers personally to notify them of the breach and walk them through next steps, Conroy recalls.
And as the DDoS attacks took place, PNC stood out for its deft communications work.
“PNC’s response was excellent – they were very honest with customers about what had happened, they assured customers their data and money was safe, and they provided clear communication about alternate ways to engage with the bank,” Conroy said.