Your company is entrusted with sensitive, personal data – that of your employees, customers, investors, and others. These individuals trust that you are protecting their privacy and managing that information to their expected standards. This trust is critical to the long-term success of your company.
The question is: when a data breach happens, are you prepared?
A data breach involving personal information can put affected individuals at risk of personal and economic harm and, consequently, severely damage an organisation’s reputation.
This year, more than one million Australians had their private data lost or stolen in just ONE data breach, and 242 data breaches were reported in just a three-month period.
It’s never been more important for senior business leaders to have experience in managing crisis situations and to understand what external factors will impact that crisis and how to be prepared to manage the risks in your business.
But first, you must prepare.
Thoughtful preparation is key to managing your organisation’s reputation during a data breach. A comprehensive and practiced response plan will enable you to respond, reassure and recover more quickly.
We now operate in an environment where many more stakeholders have the power to ruin the reputation of your organisation. Community expectations have changed and the goalposts have shifted. So, does your crisis management plan accurately reflect the robust matrix of stakeholders, their key issues, the sentiment for that stakeholder group and the expectations of your organisation? Has your plan had the input of the people within your organisation who are the “owners” of the key stakeholders?
Preparation must look at the synchronisation between your traditional communications approach and your brand’s digital ecosystem. There should be no gap between your various communication channels.
Once a data breach has occurred, there are three core tenets of how to respond in a crisis: speed, ownership and empathy.
In the age of social media and the 24/7 news cycle, public scrutiny can be intense. Your response needs to be swift and authentic.
Community expectations have changed the way we communicate; what we talk about, when we talk and through which channels. When communicating through a data breach crisis, your stakeholders will assume you understand their expectations and the way you communicate with them must be seamless in tone, content style and channel, while delivering all the facts.
Be clear that you are taking ownership and accountability for the issue. Respond with integrity and make no excuses or denials.
Don’t talk about the hard stuff. Have empathy for the human consequence of what’s happened – make it human; and make it about those impacted, NOT about you or your organisation.
And, when the crisis is over, call an end to it. Let your stakeholders know what you have done and provide assurances of how they can place trust back in your organisation that it won’t happen again.
Renée Bertuch, Managing Director, Cannings Strategic Communications