Rating apologies

Deep regrets, from TJX to ChoicePoint, about data leaks

Exposing sensitive personal information means always having to say you’re sorry. Some people do it better than others, however.

Here are 10 examples of data breaches and the resulting apologies issued by companies, universities, and one government agency. After each apology, the team from the Web site Perfect Apology weighs in with a detailed evaluation and ranking on a scale of 1 to 10. Read through the list to find out who scored a -3 on the Perfect Apology scale.

Information in this list comes from the Privacy Rights Clearinghouse, the Web sites of the companies listed, and various news accounts. For an analysis of the evolution of these responses, click here.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Exposing sensitive personal information means always having to say you’re sorry. Some people do it better than others, however.

Here are 10 examples of data breaches and the resulting apologies issued by companies, universities, and one government agency. After each apology, the team from the Web site Perfect Apology weighs in with a detailed evaluation and ranking on a scale of 1 to 10. Read through the list to find out who scored a -3 on the Perfect Apology scale.

Information in this list comes from the Privacy Rights Clearinghouse, the Web sites of the companies listed, and various news accounts. For an analysis of the evolution of these responses, click here.

1. TJX

Breach: The Massachusetts-based retailer, which operates T.J. Maxx, Marshalls and other stores, warned customers in January that its computer network had been broken into in May 2006, compromising customer credit-card information and other data. TJX announced in February that an investigation showed intruders had gained access to TJX systems almost a full year earlier than initially thought and had compromised more payment card data than initially believed.

Apology (letter posted on TJX Web site Feb. 21): “As TJX’s President and Chief Executive Officer, I want our customers to know how much I personally regret any difficulties you may experience as a result of the unauthorized intrusion into our computer systems. We are working with leading computer security firms to investigate the problem and enhance our computer security in order to protect our customers’ data. . . . With the help of computer security experts, we have strengthened the security of our computer systems and we believe customers should feel safe shopping in our stores. We value the trust our customers place in us and again, I’d like you to know that we sincerely apologize for any difficulties you may be caused. Thank you for continuing to shop at our stores and for your years of loyal patronage.”
Respectfully,
Carol Meyrowitz
President and Chief Executive Officer

Perfect Apology ranking: 5. The problem was blamed on an “unauthorized intrusion,” so the apology doesn’t acknowledge responsibility. Customers easily can see the obvious distinction between “regretting difficulties” caused by “intruders” who “compromised” security (that is, ‘it was out of our control’), and a sincere apology for the company’s failure to mount sufficient security to prevent this from happening (which is under their control). The CEO then thanks customers for “continuing to shop at our stores” instead of expressing at least some understanding for why they might not want to.