Privacy, Data Breach and Reputation Management

Reputation management and data breach are two phrases you don’t want to see in the same sentence. However, sometimes you are going to be in a situation where dealing with the consequences of a data breach is inevitable.

It is important to understand that trust and reputation management are tightly connected, and when an incident like a data breach occurs it is a true test of the approach taken and the bond you have created with your customers over time.

Researches show that 69%of people think the importance of privacy  and security practices preserves trust in the companies.

What does this mean for your company in terms of numbers and facts? Let’s find out!

What are the reputational damages of a data breach for a company?

So, you have suffered a data breach, what now?

You can expect everything, from bad press to your customers turning against you on social media and loss of clients. This is a downward spiral into the loss of brand value, loss of trust, and eventually financial losses.

A data breach will not only affect the level of trust with your current customer base but also create a way you are publicly perceived by potential customers.

It will also make an impact on your business operations, affect your brand value and investor appeal, not to mention the costs of a data breach.

Research by FTI Consulting from March 2020, revealed that companies expect a 9% drop in their global annual turnover as a result of a data privacy crisis.

“Respondents explained this drop would manifest through “very negative” impacts on organizational reputation, investor confidence, business operations and external relationships. Based upon the respondent organizations’ current average annual turnover cost of $830 million, these effects are estimated to cost $79 million in losses.”

How you decide to deal with the breach will in a lot of ways determine what will happen to your brand and your company. However, the situation is not hopeless.

Online reputation after a data breach

65%of consumers trust online search engines the most when researching on business. This means they will consider it a reliable source of information.

Accept that your past reputation will follow you, but you can control what happens later.

Although there are artificial ways to affect your online reputation, there’s no way to create a false impression with any lasting power effectively, so steer clear of that strategy.

Customers today have a very effective platform to speak their minds and leave their reviews. Instead of trying to control their behavior, you should try navigating your business decisions to what customers want – trust and transparency.

Be patient, do not try to manipulate your social media outlets to hide the facts, focus on your long-term strategy.

Show how you changed by displaying your improvements in the data security field and stay persistent in your efforts to ease the consequences of the breach.

Steps you should take in the case of a data breach

When a company faces challenges imposed by a data breach, it can be incredibly difficult to make all the right moves. Top priorities should be:

• Stop everything
• Evaluate the situation
• Minimize further damages
• Notify data protection authority (if you are obligated) and individuals affected

It may not seem that way immediately, but in the long run, the protection of personal information of your customers should always be a priority. The way the company handles the situation will affect the way the consumers will perceive the company in the future.

Clear and transparent communication

If you have suffered a data breach after you contacted your customers and notified them of the situation. Issue a public statement via your website immediately.

Disclose the situation, explain what happened, which personal data was affected, and how you are handling the breach.

Open your communication channels and enable customers to contact you via chat, phone number, or e-mail, to ask additional questions.

This way you will have control over your online reputation and discourage false information from circulating the Internet.

Focus on prevention

Your company should create carefully constructed data security and data privacy policies and detect the most probable and destructive scenarios.

Don’t be disheartened by what happened, learn from your mistakes. Do this even after the breach occurred. This is a point where CMO, IT, and a DPO are forced to collaborate, even if this is not a usual practice in your company.

Most businesses collect data to refine their marketing strategy or to improve customer experience and should be responsible for it. The responsibility of the company is to do whatever possible to assure that the personal information of their customers is secured.

How companies handle collected data will be more and more important and it will become the core of any reputation strategy.

Reputation management: How data breach affects customer relationship?

A data breach is one of the three most common and fastest ways to undermine the company’s reputation (the first two being poor customer service and environmental incident).

Consumers place a significant amount of trust in the companies they share personal data with, and they do so because 71% of them believe those companies accept an obligation to control access to it. However, less than half of CMOs and IT practitioners are taking responsibility for it.

Therefore you implement tools and procedures that can help you restore the relationship with your customers.

How to (re)connect with customers and build trust?

69% of respondents say a company’s privacy and security practices are very important to preserving their trust. 26% believe companies are able to protect their personal information.

However, only 21% believe they have a high level of control over the privacy and security of their information.

Good reputation management helps create happy, loyal customers, who in return, become brand advocates spreading the word about your company. According to Salesforce research from 2018, there is only one way to get there: transparency and control.

Customers have stated that they would be more willing to trust companies that gave control over the collected information, are transparent in the way they use that information, have a strong privacy policy, or ask for explicit consent.

For a company that operates on a large scale, it is of the utmost importance to operationalize data protection by keeping the data safe and implementing data privacy processes.

To be fully transparent you should provide a self-service privacy portal for customers, where they can manage their privacy preferences and get information about how the Company is processing their data.

In “State of Connected Customer“  some incredible insights were given about what would make customers increase the level of trust about companies that process their personal information:

• 92% of customers stated that they would be more willing to trust a company with their personal information if they would have control over what information is collected about them 
• 91% would appreciate transparency about how their information is used
• 91% said that they would like to see a commitment by the company to protect their personal information
• 90% would like if a company would have a strong privacy policy
• 88% would like a company to ask for their explicit consent to use their information
• 88% of customers do not appreciate sharing their personal information with third parties without permission
• 86% would be more willing to share their information if you would explain how using their personal information will improve their customer experience
• 78% would trust you with their personal information if you can fully personalize their customer experience 

Bad example of dealing with a data breach

A few years back, Uber found out that hackers had accessed the personal data of 57 million riders and drivers. Instead of coming forward with the situation, they decided to pay hackers and cover it up.

Obviously, the cover-up did not work. After everything went public, Uber’s CSO was fired, and Uber paid a $148 million settlement. Their already damaged reputation was put to the test when the #DeleteUber campaign was launched by customers who were encouraging others to stop using the platform. It all added up, and data breach did not help.

There was a lot of negative publicity at that time with Uber and the competitors saw the opportunity to challenge Uber, which was thus far the undisputed market leader.

This example shows how a series of bad decisions made by upper-level management affected the company over a long period, resulting in financial penalties, reputation damages, and loss of customers.

Good example of dealing with a data breach

On the other hand, Canva suffered a cyber-attack in 2019  affecting approximately 139 million Canva accounts. However, how they handled it was a great example of how data breaches should be handled.

They immediately locked down Canva, stopped the attack as it was happening, and notified their users with full disclosure of what happened and how their data was affected.

The open approach they took and quick reaction when the incident happened, helped them control the damage done to their brand and reassure their customers the data breach is their highest priority, and that they are on top of a situation.

What can you do to make your customers trust you more?

In 2018, customer expectations hit all-time highs (according to data-driven research on more than 6700 customers), they know their rights and are not afraid to exercise them.

Keeping a record of their activities, and requests become a complicated process, and that is why automatization is the key. As the company progresses even further with customer acquisition, data collection and market expansion, automatization of the processes will become unavoidable.

Protecting customer data, fulfilling their rights, and building trust are three interconnected things. There is a quick checklist on how to start that journey

• create a privacy policy and stick to it
• explain to the customer why you are asking for their data, how it will be used and who is going to process it
• respect the deadlines for resolving customer requests and enable customers to exercise their GDPR rights
• show them how the collected data is going to provide them with useful information or a better customer experience
• protect their data by any means available and adjust the level of data security to the sensitivity of their data