Data Privacy Trifecta of Badness

One of my areas of speciality and focus has been managing data security and privacy crises.

So it’s been an interesting month to watch with three different incidents:

  1. The Epsilon data breach which saw the loss of customer names and email addresses for over thirty of Epsilon’s clients.
  2. The Apple iPhone tracking issue.
  3. The Sony PlayStation Network (PSN) outage and data breach.

While these issues affect different companies and different industries, all three major incidents are similar in terms of the shortcomings of their crisis communications response. In all three cases, there is a distinct lack of simple, clear, proactive, authoritative information coming from the affected companies.

With Sony it’s a slow, seemingly grudging response. With Apple it’s a backpedaling response with a hint of “you don’t understand”. And with Epsilon and its clients, it’s an uncoordinated, scattered and confusing response.

All three situations are bigger crises and bigger hits to reputation than they needed to be and that’s because of how the communication has been handled (or not). In fact, in the case of Sony, they’ve managed to obscure the fact that they’re doing the right thing from a technical point of view with their communications. There’s a lost opportunity there for them to get credit for a good technical response.

There’s a lot that can be analyzed with each of these situations but at a high-level, it’s good to take a step back and notice that there’s a trend here towards poor communications around data privacy incidents taking shape.