“We’re all going to have to change how we think about data protection.” (Elizabeth Denham)
Data crisis, we have not seen anything yet
A few days after the E.U.’s $5 billion fine on Google, I thought it relevant to write about the crisis-related theme for business owners, since technology companies will be under severe scrutiny in the years to come. You see, their models are a new, or unknown, or ‘peculiar’ thing for authorities and the world… In today’s hyper-connected world it feels like a data breach happens almost every day. Upmarket grocer Fortnum & Mason, Costa Coffee owner Whitbread and hotel chain Travelodge were among the companies to warn customers and job applicants that personal details have been compromised in recent days.
In 2013, an IT security blogger broke a huge story: Target’s IT systems had been hacked, exposing the personal data of up to 110,000,000 customers. Target issued a statement and posted a video on its website. The company apologized. Unfortunately, it responded before officials were fully aware of the cause of the problem. This forced Target to later walk back some of its statements, such as the number of customers whose information was hacked. In the eyes of the consumer, Target seemed unprepared, unprofessional, and a bit suspicious. If you google the IT/Data hacks in 2018 only (random search), you’ll find all sorts of instances:
- California Says Private Data for 600,000 People Exposed
- Dubai’s Careem admits to a data breach of 14 million users
- Vector shuts down app after a privacy breach
- Access Group notifies borrowers of data security incident
- Data breach could impact some patients of medical lab chain with Alabama locations
- Former gynaecologist set to stand trial for patient privacy violations
- Hong Kong broadband provider to revamp the way it stores customer information after a data breach
- Transcription Service Leaked Medical Records
- Halifax Excel program registration shut down because of ‘privacy breach’
- TSB chaos after online banking data leak
Imagine the risks of digital transformation at all service access points for partners, consumers, and citizens…
The probability of a crisis
A hack that breaches personal data signals an unprepared organization, whether a bank, a retailer, or an app owner. As the networked economy evolves, we will see new crisis areas: health & safety, cultural & diversity, employees’ welfare and culture, cyber-security, hacks on critical corporate data. The list can be long for both old-established and startup companies.
Global hacks have started to impact corporate bottom lines in the wake of Mondelez’s big ransomware attack (July 2017). Note that Mondelez estimated that the attack would shave off 3% of second-quarter revenues.
Be always prepared for the unthinkable
How do you respond to investors, shareholders, media, and customers? What kind of company are you (perception-wise) if you are seen as responsible for a data crisis? Building a sustainable, leading, and thriving organization involves many angles and moving parts, from great products and services to high-powered teams, bulletproof systems, a thriving online presence, and the ability to scale.
But one of the issues that is often neglected is preparing for the real world and real life. You should always be prepared for the unthinkable. Have a crisis-ready culture that is both vigilant and resilient. Even tracking will become riskier now that we do Marketing in the digital channels (below is a humorous but essential tweet to think over…)
The problem is, they all already do, and probably don’t even know how they’re doing it, thanks to all the digital agencies, adtech snake oil middlemen and ignorant ‘heads of digital marketing’— NinjaCyborg (@NinjaCyborg) March 28, 2018
How is our data getting exposed?
Almost two-thirds (62%) of individuals whose personal information had been breached (i.e. the HSB case) were offered post-crisis credit monitoring or restoration services, and 41% took advantage of those benefits. But when they were asked if they would leave, they said yes, because of the bad experience they had: a) they were the last to know that their ‘identities’ were stolen; b) 38% said they had to apply all over again for their banking entities; c) they had to hire a lawyer to mitigate for fraudulent tax filings; d) some were contacted, wrongly, by a collection agency action over a debt they didn’t have. Imagine how chaotic it can be.
Data is everywhere, so the risk is everywhere
Every CIO knows today that his/her organization is one click away from a hack that could bring the financial and brand reputation integrity of the company down. And every IT team has spent time and money anticipating, preparing, and forestalling such attacks. But at a deeper level, every organization has to be ready to both support and respond to IT warfare with an organization-wide awareness and planning that few organizations understand, much less have accomplished.
Through my years in PR, I’ve led special issues’ strategic response campaigns for Health & Safety, Employer issues and restructuring, Briberies, and Interceptions, but the IT area was difficult and hard to tackle in crisis-response (in terms of speed, readiness, and customer information). More examples? The nutrition tracker MyFitnessPal announced that 150,000,000 accounts had been hacked. We have even read about solutions to help audiences protect themselves from future hacks:
- Have I Been Pwned? will inform you if your account was compromised (they’ve catalogued over 4.9 billion hacked accounts.)
- 1Password is better than storing your passwords on a post-it note, and they have powerful integrations with every browser.
- Privacy.com is the Snapchat of credit cards, generating a new credit card for every transaction.
Crises will intensify
Within the last decade, we’ve witnessed approximately 220 corporate crises (big names): VW diesel emissions; Turing pharma (retail price of a life-saving drug that costs $1 raised from $13.50 to $750 a pill); 14 FIFA officials indicted for wire fraud, racketeering, and money laundering; numerous companies selling to sanction-areas or non-democratic regimes; others accused of bribery and oligopolies. Even Apple was accused of child labour, and Amazon over its policy forcing warehouse employees to work unpaid overtime. Of course, they were strong brands with goodwill ‘safety nets’…
Now, picture this if you lead an organization: if social voices rise on Twitter and other platforms; if hate groups and hecklers preach even louder; if human rights and sustainability issues continue to be central in the public dialogue; if conspiracy theorists and journalistic activism become an established pattern; if fake news increases further, then the corporate world will be under serious impact, attacks, and perception pressures, to say the least. Crisis impact can’t be foreseen…
According to a Digital Citizens survey, a majority of Americans (51%) now say that Facebook, Google, and Twitter are not responsible companies “because they put making profits most of the time ahead of trying to do the right thing.” And the number of Americans calling to regulate the platforms has increased to 50% in a month. “For years Google, Facebook, Twitter and other platforms have been urged to take greater responsibility for their actions, including the content that appears on their sites,” said Tom Galvin, executive director of the Digital Citizens Alliance, in a news release. “They largely ignored those warnings because there was too much money at stake. Hopefully, as platforms now face a crisis in Trust they will, at last, take responsibility.”
The importance of a solid and practical crisis management governance model
A crisis management governance model dictates who within an organization makes up the crisis management team. Governance models define everything from the structure, roles, and responsibilities straight through to the internal escalation processes. There are three critical attributes of a strong crisis management governance structure:
- Align the crisis-response team with the (real) structure of your organization.
- Ensure each stakeholder group has a representative at the crisis-response team.
- Make sure to distinguish Responsible vs. Accountable…
Companies and organizations aren’t as Trusted as they should be, and risking the exposure of customers’ data and digital infrastructures shows them to be ‘naive’ (to say the least). Every company, to build on Trust, needs an honest and on-going conversation with authorities, its own customers, and all stakeholders before any crisis incident arises. Companies are part of the fabric of society, and we need them to be trusted, transparent, and proactive for the wider good. Don’t you agree?