Jingjing Ma
Jun 14, 2019

Honesty at heart of how brands should respond to data breaches

Taking a people-first approach, admitting fault and explaining to customers exactly what has been exposed are among the best practices for dealing with a data breach.


Data breaches are becoming increasingly inevitable, driven in part by human vulnerabilities like falling prey to phishing emails and not updating software, according to Andrew Ryder, strategy director of Edelman North Asia, speaking on a panel at Wednesday’s CampaignComms conference in Hong Kong.

The number of data breach reports reached a record high of 129 in Hong Kong in 2018, up 22% from the previous year, and 80% higher than in 2014, according to the Office of the Privacy Commissioner for Personal Data (PCPD). Ryder said these numbers are tiny compared to the number of breaches happening in the West, and asserted that it's all but inevitable that many companies will suffer breaches at some point.

With this in mind, Ryder and William Brocklehurst, corporate affairs director of Bupa, who spoke in a separate presentation, offered advice on how brands should respond to data breaches.

“The [data] breach itself isn't what will kill you, it’s how bad your response is to the breach,” Ryder said.

Admitting fault and apologising is fundamental to damage control, Ryder said.

“The biggest overwhelming scene we see [among companies] is victim behaviour: ‘Oh god, this is terrible, how could this happen to us’. We can only do a good job if we can make a client understand that they should get into their mind ‘this is our fault,’” he added.

However, he added it’s best if the company can tell customers exactly what data has been taken prior to going public.

“Although it might cause a delay in going public, it’s more compelling than just to say ‘we know some information has been taken but don’t know what it is’, as that will stir more fear and less trust in you as a business,” he said.

Brocklehurst shared the insurance and healthcare group’s experience of dealing with a specific incident. In summer 2017, a rogue employee took private data of 108,000 policy records from Bupa Global, which impacted 547,000 customers. The data, although not containing customers’ medical and financial information, was still very personal and worried customers.

After a vigorous investigation, Bupa made a public statement acknowledging the issue, in which it apologised for what happened and reassured customers about how the company was dealing with it, said Brocklehurst. He stressed that even though legal advice may be to avoid any statement of fault, “customers want to hear apology.”

William Brocklehurst at CampaignComms.

In terms of effective response, Brocklehurst said it’s important to keep the customer at the centre.

“The priority for how we react is people first, reputation second and operation third,” he said. “Sometimes that causes some challenges, but if you act with integrity to protect the reputation, real operation should follow with that.”

Another challenge is figuring out which department in the company owns the customer data, so you can contact only the customers who have been impacted by the breach, Brocklehurst said.

“The top question is who really owns the customer: sales, marketing, after-sales services,” he said. “[You’ll be] hamstrung by systems you’ve got holding data records.”

He said companies, multinationals and agencies should make preparations like data mapping and figuring out what communications channels they have in anticipation of data breaches.

The effectiveness and consistency of communications in a data-breach incident can be the deciding factor between how well or how badly an issue is perceived to have been managed, he concluded.

Furthermore, Ryder added that the strength of a brand, its products and services will be the deciding factor on how quickly customers forgive a data breach and return.

“If you’ve got a product like Google which is pretty much intertwined with your daily life—for example with Gmail, maps and YouTube—you’ll probably go back and use the product quite quickly,” he surmised.

Andrew Ryder speaks with Campaign's deputy editor Olivia Parker at CampaignComms.

