American Marketer

Columns

How brands should respond to eroding consumer trust from data breaches

November 17, 2011

 

By Dave Lewis

What has been our industry’s response to the dangerous Foxy Loxy in our midst – the spear phisher who damages our brands and destroys the trust relationships that underpin our ecosystem, using stolen credentials and hijacked reputations?

Not much.

Yes, a few enlightened companies have taken steps to protect themselves, a handful of organizations have issued guidelines and some email service providers have begun to compare notes.

But, overall, our industry response has not been commensurate to the threat.

Alarm cluck

News of each breach had been greeted with much sky-is-falling chatter, but we quickly return to debating subject lines and other mundane topics once it fades from the headlines – and do nothing.

It is as if we are in collective denial, believing this is just a fable and oblivious to where Foxy Loxy is taking us. I would typify our industry response as a non-response earmarked by deafening silence.

What is most frequently offered up as a rationale for this non-response is consumer confidence.

I agree that consumer confidence is a huge concern.

Aside from how these attacks can destroy the trust and confidence we have in each other, we should all be concerned about how they impact our customers’ willingness to entrust their data to us.

Because without consumers’ data, there can be no message – or least not one that is relevant, adds value and retains their loyalty.

Consumer data is what fuels digital communication and commerce. So no direct marketer, including me, wants to alarm consumers to the point of putting data availability at risk.

But is silence a smart response?

Tar and brush

When breaches occur, the press and politicians are anything but silent – recall the Epsilon and Sony feeding frenzies.

So I do not see how silence instills consumer confidence in the face of how data compromises are spun up into truly scary incidents.

I would argue our silence is alarmist in and by itself. Our silence allows others to define us and contributes to our credibility challenges.

Too many consumers already believe we cannot be trusted to use their data in the ways they would prefer or protect their privacy.

But if consumers are left with the perception that we cannot even hold onto their data or prevent it from falling into the hands of those who would do them great harm, where does that leave us relative to consumer trust and confidence?

No, silence is not a smart strategy if our concern is consumer confidence. And neither is resistance to industry security standards, rating systems or regulations on data breaches.

Indeed, it puts us on the wrong side of yet another issue – and one we will lose anyway because these things will come to pass, whether we support them or not. And our opposition, even passive non-support, does not enhance consumer confidence – it further erodes it.

Is our concern that some brands cannot satisfy the standards, ratings or regulations? That is valid, but I fail to understand how silence raises their awareness of the threat and rallies them to action, or how opposing such measures helps prepare them to meet them.

But what I do understand is that whenever there is a breach, the same dirty brush tars even those brands that are good data custodians. That is because consumers do not differentiate the good from bad when the standards, ratings and regulations that would allow them to do so don’t exist.

So how should our industry respond?

Return to sender

The answer is straightforward: do the opposite of what we are doing now.

Abandon the pretense that the threat does not exist.

Stop hiding under the covers because it is a scary story, hoping against hope that the spear phisher will pass us by or that consumers will somehow forget about our lapses in safeguarding their data. That is like believing Foxy Loxy’s lies that we will be safe in his lair.

Instead, let us talk openly and honestly about the nature of the spear phisher threat.

Educate customers on how they can protect themselves and get behind initiatives like “Why Your Browser Matters.”

And let us educate ourselves about how to safeguard our messaging environments.

Most important, let us commit to fixing the problem, not just give it lip service. Implement the best-practice guidelines issued by the OTA, ESPC and others, and make the messaging technology investments required to protect our digital interactions with customers and each other.

Let us act more collaboratively, too.

The diversity of our industry is a significant strength, but becomes a serious vulnerability when we cannot reach beyond our differences in responding to a common threat.

SO LET US close ranks. Stop worrying about who leads the charge and more about its effectiveness. Surely, the formation of a threat clearinghouse is one collaboration idea whose time has come.

Safe and secure messaging must become a guiding principle for the future of digital communication.

Let us champion it – make it the key point of competitive differentiation it should be.

Become advocates for the right security standards, rating systems and breach regulations.

Allow market dynamics attend to those companies that cannot make the cut, but not take down the whole industry because of the inaction or inability of a few.

Let us do what needs to be done to preserve the vitality of our discipline, ecosystem and medium for the sake of our customers as well as ourselves.

Do these things and we can rid ourselves of Foxy Loxy and keep the sky where it belongs.

Please click here to read yesterday's installment, "Data breaches and the erosion of consumer trust in brands"

Dave Lewis is San Francisco-based chief marketing officer of Message Systems. Reach him at dave.lewis@messagesystems.com.