This is interesting. Publix grocery store chain has made the news because of data breach — not because they have had a data breach (though they probably have and just don’t know it) — but because it has been learned that it is sending out proposals for PR help in the event it does have a data breach. The reaction to this is mixed. Some people think it is good but many are taking a cynical view of this move.
What do I think?
Well, thank you for asking!
I like it. First, one of the most important messages I try to preach these days is the need for companies to take the threat of data breach seriously, to prepare ahead of time, and have a plan in place so that all they have to do is execute that plan in the event a breach occurs. Look, I blogged about this just this past week and a whole bunch of times before.
Does the fact that the attention to Publix’s preparation is being focused on the fact that it is seeking PR help in any way diminish this?
One of the key components to any breach response and breach response plan is to involve PR to help the company properly “message” their response to its customers to help minimize the overall disruption to the business. If the business crumbles, nothing else matters — the PR side is a key component to this is crucial.
So, if Publix is screening and assembling its PR team in an overall effort to prepare for a breach, that tells me that it is taking data breach seriously [give it a check] and that it is putting resources behind that concern [give it another check], and putting a plan in place to be prepared to respond to the inevitable data breach [give it another check]. This is good — this is what we are encouraging.
What this also tells me, and that I hope is the case, is that if Publix is devoting energy and resources to this kind of preparation, there is at least a decent chance that it is putting energy and resources into actually hardening its data security systems and improving its overall cyber security as a company. If this is true, then this is great — this is exactly what we are trying to encourage!
Now, if my assumptions are wrong and all that Publix cares about is the PR message and nothing else, well, then that is a much different story. If it is, then I really have to question the wisdom of its leadership because what this shows is that Publix is aware of the threat, recognizes the harm it can cause, is devoting energy and resources to it but in a self-centered and careless way, and is making a conscious decision to not correct it — and when that happens, if it has a breach, it just may be the one to get it!
Check out the article for yourself, here’s a brief quote:
Publix operates 1,082 locations in six states across the South and Southeast, and ranks as one of the 10 largest supermarkets by volume. The company’s request for proposals says it “would like to understand how a PR company could provide assistance preparing for, and during a data breach, e.g. advice and assistance with messages.”That could include a “proactive review” of Publix customer relations and “rapid response scheduling in the event of a confirmed breach. Publix prides ourselves in the relationships we build with our customers and associates and as such will require a company with outstanding communications skills and experience.”