A splendid article written by Bill Bourdon for the Harvard Business Review explains the four mistakes that executives make after a data breach. There is only one problem with the article: it is easier to persuade people to be positive than to persuade them not to be negative. If you tell somebody not to do something, they think of all the reasons why they might do it anyway. If you tell somebody why they should do something, they might just agree with you. So with that mantra in mind, I have simplified Bourdon’s article and reversed its polarity, turning it into four simple principles that every executive should adopt when their business is struck by a data breach. They are:
- Act rapidly. The sooner you tell customers their data has been compromised, the sooner they can protect themselves. The sooner you fix your own issues, the sooner you will regain trust.
- Serve customers. It is their data which has been exposed, not yours. Do what is necessary to minimize the harm to them, not what you think might limit the harm to your business, because your customers are your business.
- Be transparent. If you cannot stop data breaches, you cannot stop the truth coming out either. Gossip and rumors compound the damage to your business, especially if later proven true.
- Be accountable. Execs are in charge; the buck stops with them. An exec who is humble about mistakes and who takes ownership of a problem may take steps to prevent future failure. An exec who denies responsibility cannot deliver change.
Despite its negative tone, the HBR article is still a good read, not least because it lists examples of where executives have gone wrong. You can read it here.