Breach Notifications Should Focus On Preserving The Customer Relationship First, Then On Legal Requirements

Hit or Miss?

When responding to a data breach, the company has two primary objectives that must be balanced: (1) complying with the legal notification and remediation requirements; and (2) preserving its relationship with its customers. In my opinion, the second is always the more important of the two, because if the business fails, we too have failed.

In order to focus on preserving its relationship with its customers, the business must put itself in the customer’s shoes and ask how the customer would feel upon receiving its communications. The article below looks at Target’s breach notification email and explains how something as simple as the choice of domain for the email address can impact customer confidence and perception.

James Lyne, global head of security for Sophos, received an email from Target—although he claims that he is not even a Target customer. There are apparently many people receiving breach notification emails from Target who did not shop at Target and are not affected by the breach.

Lyne dissected the email in a post on Forbes, breaking down point by point all the ways Target failed.

Source: "Target breach notifications are a perfect example of what not to do," PCWorld.
