If you ever bought something online, chances are, your email is in that provider’s database: Maybe it was a wedding gift from Target.com or a special delivery from 1-800 flowers. Most certainly, you provided your email address when you registered for online bill payment and banking.
Many of these merchants and service providers don’t actually hold your email securely in their private database. Instead, they rely on database management vendors to manage their email lists and, sometimes, marketing campaigns. In the last 12 hours, it has been revealed that a number of these email management companies, including Epsilon, suffered a data breach, jeopardizing the privacy of millions of email records for top US retailers such as Walgreens, TiVo, Best Buy, Target stores, and more.
By now, you probably received one or two (or FIVE) emails from merchants and service providers informing you of this breach and providing suggestions to help avoid harmful viruses and further privacy violations.
Privacy and security are no laughing matter- not when it comes to our personal information. But as you read through the two or three (or FIVE) emails you received today, you will notice that to some companies, your privacy and security are not necessarily top of mind. Most start with “dear customer” (whoever you may be) and end with suggestions such as “do not open an email from an untrusted source.” Target goes further to suggest “don’t provide sensitive information in an email.” Epsilon, one of the companies whose data was breached, had a 5-line announcement on its site.
Perhaps it is because emails are such a commodity in our lives that these companies take the matter so lightly. In reality, our emails are connected to a great deal of OTHER information. They are also a gateway for malware. Email addresses are anything but “just” emails. Sloppy, generic, and casual—many of the companies signed on these emails are in fact communicating care for their customers’ experience--and they are missing an important opportunity to just the opposit: to secure their customers' loyalty and trust during a time of potential crisis.
Here are a few tips on how to be a customer-centric company when customers’ privacy and security are on the line:
1. Personalize your emails. Companies do exceptionally well at personalizing emails when they want to sell something. Why not do the same when they’re communicating something with potential repercussion to the customer? This will communicate you care about your customers rain or shine.
2. Give (helpful) information. Provide links to the original announcement, and an email address, website or phone number for more information. Target Stores provided an email contact. So did most banks. Other merchants, like 1-800 Flowers, didn’t.
3. Offer ways to monitor the situation. Customers care about their privacy and want to know what THEY can do to ensure their data hasn’t been compromised. A couple of years back, United Healthcare provided free 1-year credit reporting and monitoring service to everyone that was impacted by a security breech. You can offer free 3-month anti virus service or/and other monitoring services based on the estimated damage.
4. Tell your customers what measures you’re taking to prevent this from happening in the future. True, this isn’t your doing, but you contracted these companies to manage your customer data and hence, you have some liability over the situation. Customers should know that you are taking their privacy seriously and are ensuring your company, and your vendors, are taking measures to protect that privacy.
5. Show your customers this is not standard operation. The impacted companies are some of the largest and richest in the US. It is inconceivable that they cannot exert more influence over companies like Epsilon to communicate commitment to better security, give more information on their site, share a planned correction path, and more transparency into the situation.
Remember that it’s often at times like this—when non-standard events take place—that a company’s true care for its customers’ experience comes through. Companies’ ability to manage their customer experience will radiate much farther and will color the levels of trust and brand loyalty customers will have for a brand from here on. Next time a customer provides her email address- who would she trust more? The company who had their CEO apologize, provided an email address for questions, and describe the measures being taken to correct the situation….or the one sent from some nameless director of customer service in a boiler plate announcement and not much else?
Most companies know the cost of customer retention…you do the math.