Data breach and Reputation Management

Reputation management and data breach are two phrases you don’t want to see together. A data breach can truly cause serious damages to the company, both financial and reputational.

How many times have you heard that data is the new oil? If that is the case, we have to assume that they share the same characteristics- leaking and causing catastrophic events.

What does this mean in terms of numbers and facts? Let’s find out!

What are the reputational consequences of a data breach for a company?

When a company faces challenges imposed by a devastating data breach, it can be incredibly challenging to make all the right moves. Top priorities should be to evaluate the situation, minimize further damages, and to notify everyone affected.

It may not seem that way immediately, but in the long run, the protection of personal information of your customers should always be a priority.

Also, the way the company handles the situation will affect the way the consumers will perceive the company in the future.

A few years back, Uber found out that hackers had accessed personal data of 57 million riders and drivers. Instead of coming forward with the situation, they decided to pay hackers and cover it up.

Obviously, the cover-up did not work, and by not informing customers and drivers that their personal information was compromised, they have directly violated data protection law.

For example, GDPR dictates that data breaches must be reported to the supervisory authority within 72 hours of being identified (unless an exception applies).

After everything went public, Uber’s CSO was fired, and Uber paid $148 million settlement. Their already shaky reputation was put to the test when the #DeleteUber campaign was launched by customers who were encouraging others to stop using the platform. It all added up, and data breach did not help.

There was a lot of negative publicity at that time with Uber and the competitors saw the opportunity to challenge Uber, who was thus far the undisputed market leader.

This example shows a series of bad decisions made by upper-level management who ignored the importance of reputation management. It affected the company over a long period, resulting in financial penalties, reputation damages, and loss of customers.

Read blog: 5 things you need to know about Data Privacy

Reputation management: What happens with a company’s online reputation after a data breach?

The Edelman Trust Barometer research from 2019 shows that 65% (their highest historical levels) of consumers trust online search engines the most when researching on business. This means they will consider it a reliable source of information.

Make peace with the fact that your past reputation will follow you, but you can control what happens later. Although there are artificial ways to affect your online reputation, there’s no way to create a false impression with any lasting power effectively. This is no way to go.

Customers today have a very effective platform to speak their minds and leave their reviews. Instead of trying to control their behavior, you should try to control the situation by navigating your business decisions to what customers want.

Clear communication and transparency in the way you process personal information will help you build trust and strengthen the relationship with the customers. You cannot escape what happened, but reputation damages caused by a data breach are far from irreparable.

Focus on prevention. Your company should create a carefully constructed data security and data privacy policies and detect the most probable and destructive scenario to be able to prevent it before it occurs.

In some industries, this is a prerequisite, but it is no longer just banks and telecommunication companies that should have this sorted out. Most businesses collect data to refine their marketing strategy or to improve customer experience and should be responsible for it.

The responsibility of the company is to do whatever possible to assure customers that their data is safe.

With the GDPR, a wave of legislative around the globe is making customers aware that their personal data is valuable, and most importantly, very exposed. How companies handle collected data will be more and more important and it will become the core of any reputation strategy. Customers want trust and transparency.

Reputation management: How data breach affects the customer relationship?

Reputation management Salesforce-trends-in-customer-trustThere are numerous companies (eBay, EquifaxMarriott International…) that were ruined by a data breach, or their reputation was seriously endangered.

A data breach is one of the three most common and fastest ways to undermine the company’s reputation (the first two being poor customer service and environmental incident). A company can truly live and die by its reputation.

Consumers place a significant amount of trust in the companies they share personal data with, and they do so because 71% of them believe those companies accept an obligation to control access to it. However, according to the Ponemon Institute study, less than half of CMOs and IT practitioners are taking responsibility for it.

51% of consumers said that in the past two years, they had been notified by a company or government agency because their personal information was lost or stolen as a result of one or more data breaches.

Nearly two-thirds reported that the incidents caused them to lose trust in the breached organization. As a result, almost a third took steps to terminate their relationship with the organization (Source: The impact of data breaches on reputation & share value study independently conducted by the Ponemon Institute).

Download our e-book Solution for GDPR Compliant Personal Data Removal

What is the cost of a Data Breach?

In 2018 the 13th annual Cost of a Data Breach study was independently conducted by Ponemon Institute.

The study stated the global average cost of a data breach is up 6.4 percent over the previous year from $3.62 to $3.86 million.

The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year from $141 to $148. It seems the cost of a data breach will increase by the year.

reputation management: ponemone-institute-research-on-data-breach

There is also a relationship between how quickly an organization can identify and contain data breach incidents and financial consequences.

The average time to identify data breach by the company was 197 days. The average time to contain was 69 days.

When a data breach happens, it is not the end of the road for the company, study shows that companies that contained a breach in less than 30 days saved over $1 million vs. those that took more than 30 days to resolve.

Reputation management: How to (re)connect with customers and build trust?

On the other hand, when your company is perceived as having a good reputation, it can result in a number of positive things, lessening the risk and accelerating profit of the company.

The good reputation management also helps create happy, loyal customers, who in return, become brand advocates spreading the word about your company. According to Salesforce research from 2018, there is only one way to get there: transparency and control.

Customers have stated that they would be more willing to trust companies that gave control over the collected information, are transparent in the way they use that information, have a strong privacy policy or ask for explicit consent.

For a company that operates on a large scale, it is of the utmost importance to operationalize Data Protection by keeping the data safe and implementing Data Privacy processes. Also, to be fully transparent it should provide its customers with a self-service privacy portal where they can manage their privacy preferences and get information about how the Company is processing their data.

Proving that you are compliant with data protection laws will be a new form of good PR.

In the recent research “State of Connected Customer” by Salesforce some incredible insights were given about what would make customers increase the level of trust about companies that process their personal information. Frankly, the answers given were quite reasonable:

Reputation management-transparency-about-customers-data-and-trust

  • 92% of customers stated that they would be more willing to trust a company with their personal information if they would have control over what information is collected about them (Data Privacy Manager has a built-in portal for managing customer’s privacy settings, a simple solution that will give customers complete control over their personal data.)
  • 91% would appreciate transparency about how their information is used
  • 91% said that they would like to see a commitment by the company to protect their personal information
  • 90% would like if a company would have a strong privacy policy
  • 88% would like a company to ask for their explicit consent to use their information (which is legally required by the GDPR anyway)
  • 88% of customers do not appreciate sharing their personal information with third parties without permission
  • 86% would be more willing to share their information if you would explain how using their personal information will improve their customer experience 
  • 78% would trust you with their personal information if you can fully personalize their customer experience 

Those are some really high percentage, and having a strong privacy policy or ask for explicit consent is not really an impossible task to achieve.

Reputation management: What can you do to make your customers trust you more?

In 2018, customer expectations hit all-time highs (according to data-driven research on more than 6700 customers), they know their rights and are not afraid to exercise them.

Keeping a record of their activities, and requests become a complicated process, and that is why automatization is the key.

As the company progresses even further with customer acquisition, data collection and market expansion, automatization of the processes will become unavoidable.

Protecting customer data, fulfilling their rights, and building trust are three interconnected things. There is a quick checklist on how to start that journey

  • create a privacy policy and stick to it
  • explain to the customer why you are asking for their data, how it will be used and who is going to process it
  • respect the deadlines for resolving customer requests and enable customers to exercise their right that GDPR (or any legislative) has given them
  • show them how the collected data is going to provide them with useful information or a better customer experience
  • protect their data by any means available and adjust the level of data security to the sensitivity of their data

Solution for GDPR Compliant Data Removal