The Chicago Public Schools became the subject of the latest data breach scandal, after an employee emailed private student information to over 3,700 families. The emails included student IDs, emails, addresses, and phone numbers. The information was sent to families who were being invited to submit applications to selective schools. School officials issued an apology following the disclosure and promised to investigate and discipline the employee responsible. This is the second major incident for the Chicago Public Schools since 2016, when information for 30,000 students was improperly shared.
Data breaches like this are on the rise, with 1,293 reported incidents last year involving 174 million records, a rise of 45 percent from 2016, according to the Identity Theft Resource Center. Depending on how you handle it, a security breach can either hurt your reputation or provide an opportunity to reach out to your customers. Here are three strategies for managing the PR backlash after a security breach:
One of the most important moves you can make to preserve your reputation after a data breach is taking responsibility, says PR crisis specialist Emily Dent. Taking responsibility for a breach communicates integrity to your customer base. It also implies that you are in control of the situation and capable of fixing the problem. In contrast, downplaying responsibility sounds like you’re making excuses, and leads customers to question whether you’re capable of preventing future breaches.
Failing to take responsibility also increases the likelihood that the media will continue covering your story and damaging your reputation, says Dent. Take for example, the case of Ashley Madison, which responded to the breach of 37 million user accounts by portraying itself as a victim. By failing to take responsibility, Ashley Madison kept its scandal in the news for months.
Part of taking responsibility means proactively alerting customers who may have been affected by your breach. Customers will be less angry if you tell them about a potential problem as soon as possible instead of waiting until they discover their identity has been stolen. Giving customers a prompt alert increases their ability to protect their identity from further risk.
Another vital step is laying out an action plan that clearly communicates to your customers how you plan to prevent future breaches. Announcing your action plan shows customers that you’re taking steps to protect their security. This helps restore their confidence and trust in your brand.
In addition to telling your customers what security steps and policy changes you’re implementing to fix the problem, consider extending affected customers a gift to show them that you value their business. It can be a security-related gift, such as free identity theft protection. Alternately, or additionally, you may choose to extend customers some type of discount or other incentive.
A security breach can be devastating to your company’s reputation, but fortunately, taking proactive steps to protect your public image can limit the fallout. Publicly taking responsibility shows customers that you’re committed to protecting their privacy. Alerting customers that there’s been a breach gives them an opportunity to protect themselves. Telling them how you plan to fix the problem shows that you’re serious about finding a solution. Taking these steps can help restore your customers’ trust in your company and even give you an opportunity to strengthen your customer relationships.