In the 21st century, the data breach apology letter has established itself as a new literary art form. Countless CEOs of corporations big and small, as well as elected officials, have had to reach out to the public and offer mea culpas that communicate both how sorry they are that this serious breach happened and, ultimately, that there is nothing to worry about because nothing has happened to you … yet. So how does one communicate that something is both grave and inconsequential? It’s not easy, but just take a look at these modern classics from the past few months.
“I deeply regret the exposure of the personal information that occurred and am angry that it happened…. I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location. We take information security very seriously, and this type of exposure will not happen again.”
– April 11, 2011, Texas State Comptroller Susan Combs, responding to news that 3.5 million Social Security numbers, addresses, birthdates and (somewhat fewer) driver’s license numbers were left on an easily accessible, public computer server for an entire year (which means that someone has very likely been messing with Texans).
“We are extremely regretful that this incident has impacted…. clients and their customers. We take consumer privacy very seriously and work diligently to protect customer information…. We apologize for the inconvenience that this matter has caused consumers and for the potential unsolicited emails that may occur as a result of this incident. We are taking immediate action to develop corrective measures intended to restore client confidence in our business and in turn regain their customers’ confidence.”
– April 6, 2011, Bryan J. Kennedy, president of Epsilon, an email marketing firm, responding to news that likely tens of millions of email addresses on the marketing lists of some of the country’s largest banks, retailers and lifestyle companies were compromised because an unauthorized user gained access to Epsilon’s systems.
And how could we forget this old chestnut?
“Our experts have advised us there is no indication at this time that any of your personal information has been accessed or misused…. is committed to preventing further incidents of this kind. We have reviewed our data security practices, and are putting additional protections in place to help assure the security of all our clients’ personal information…. Keeping your information secure is of the utmost importance to us, and we very much regret that this situation occurred.”
– February 14, 2011, David Zitlow, EVP at Cord Blood Registry, responding to news that the names, Social Security numbers and credit card information of 300,000 clients were left unencrypted on several back-up discs stuffed in a backpack that was stolen out of an employee’s car.
It is very likely that you or someone in your family has read a press report that included a quote, or received a letter containing one of the above now-hackneyed statements. The reason is that data breaches of typhoon magnitude are occurring with frightening frequency. In the last few months there have been several major breaches, like those mentioned above.
Image: tup wanders, via Flickr.com