Exposing sensitive personal information means always having to say you’re sorry. Some people do it better than others, however.
Here are 10 examples of data breaches and the resulting apologies issued by companies, universities, and one government agency. After each apology, the team from the Web site Perfect Apology weighs in with a detailed evaluation and ranking on a scale of 1 to 10. Read through the list to find out who scored a -3 on the Perfect Apology scale.
Information in this list comes from the Privacy Rights Clearinghouse, the Web sites of the companies listed, and various news accounts. For an analysis of the evolution of these responses, click here.
Breach: The Massachusetts-based retailer, which operates T.J. Maxx, Marshalls and other stores, warned customers in January that its computer network had been broken into in May 2006, compromising customer credit-card information and other data. TJX announced in February that an investigation showed intruders had gained access to TJX systems almost a full year earlier than initially thought and had compromised more payment card data than initially believed.
Apology (letter posted on TJX Web site Feb. 21): “As TJX’s President and Chief Executive Officer, I want our customers to know how much I personally regret any difficulties
you may experience as a result of the unauthorized intrusion into our computer systems. We are working with leading computer
security firms to investigate the problem and enhance our computer security in order to protect our customers’ data. . . .
With the help of computer security experts, we have strengthened the security of our computer systems and we believe customers
should feel safe shopping in our stores. We value the trust our customers place in us and again, I’d like you to know that
we sincerely apologize for any difficulties you may be caused. Thank you for continuing to shop at our stores and for your
years of loyal patronage.”
Respectfully,
Carol Meyrowitz
President and Chief Executive Officer
Perfect Apology ranking: 5. The problem was blamed on an “unauthorized intrusion,” so the apology doesn’t acknowledge responsibility. Customers easily can see the obvious distinction between “regretting difficulties” caused by “intruders” who “compromised” security (that is, ‘it was out of our control’), and a sincere apology for the company’s failure to mount sufficient security to prevent this from happening (which is under their control). The CEO then thanks customers for “continuing to shop at our stores” instead of expressing at least some understanding for why they might not want to.
Rss FeedRss Feed
The Leader in Network Knowledge
Partner Content
Blue Stripe Software
www.bluestripe.com/
Improving Application Performance Troubleshooting
Diagnosing why an application is slow is hard, at times taking days or weeks to isolate and resolve. This paper explains the challenges involved using current management tools, provides a 'wish list' for application management and analysis, and explains the need for an application system-wide approach that monitors entire applications, not components.
Download Whitepaper
Virtual Vigilance: Managing Application Performance in Virtual Environments
This paper highlights the impact of virtualization on application performance. "Managing Application Performance in Virtual Environments" states: "Best-in-Class organizations are predominately taking actions around improving visibility across both physical and virtual systems, assessing the business impact of application performance and understanding interdependencies of applications in virtualized environments."
Download Whitepaper
Application Service Requests: The Missing Link for Pragmatic ITSM
Forrester Research analyst Glenn O'Donnell and BlueStripe co-founder Vic Nyman discuss a breakthrough approach to application problem management. Learn the new approach for ITSM problem management, which provides: Rapid isolation of application slow-downs to specific components for quick problem resolution, 24/7 monitoring for proactive notification of potential issues before end users are impacted and much more.
Register for Webcast
Comments (10)
A brief history of data-breach apology lettersBy Anonymous on March 15, 2007, 4:43 pmOne of the key criticisms of all these apologies is that the company didn't acknowledge any responsibility. In our litigious society, an acknowledgement of responsibiliy...
Reply | Read entire comment
Apologies written by LawyersBy Jerry H on March 16, 2007, 10:51 amI agree with the prior comment that the lawyers would be suing these companies if they accepted responsibilities. In all probability, these were edited by their...
Reply | Read entire comment
However true that may beBy Anonymous on March 17, 2007, 6:55 pmHowever true that may be (and I am not convinced that a clever lawyer can't find a way of having his client apologize without it being a cause for litigation)the...
Reply | Read entire comment
Apology Reviews RevisitedBy Peter F. Goolpacy on March 17, 2007, 7:44 pmThe two previous comments about the legal implications of business apologies are only partially correct. It’s certainly true that most business apologies are crafted...
Reply | Read entire comment
Data Breach ApologiesBy Anonymous on March 19, 2007, 8:20 amOne should add Microsoft to this list when its anti-virus software hoses e-mail and then they blame the user.
Reply | Read entire comment
Apology for mismanaged informationBy Anonymous on March 19, 2007, 2:18 pmI am glad to know that there is an effort to bring the CEO to the foreground when there are breaches in security. My problem is finding the company responsible...
Reply | Read entire comment
View all comments