Exposing sensitive personal information means always having to say you’re sorry. Some people do it better than others, however.
Here are 10 examples of data breaches and the resulting apologies issued by companies, universities, and one government agency. After each apology, the team from the Web site Perfect Apology weighs in with a detailed evaluation and ranking on a scale of 1 to 10. Read through the list to find out who scored a -3 on the Perfect Apology scale.
Information in this list comes from the Privacy Rights Clearinghouse, the Web sites of the companies listed, and various news accounts.
Breach: The Massachusetts-based retailer, which operates T.J. Maxx, Marshalls and other stores, warned customers in January that its computer network had been broken into in May 2006, compromising customer credit-card information and other data. TJX announced in February that an investigation showed intruders had gained access to TJX systems almost a full year earlier than initially thought and had compromised more payment card data than initially believed.
Apology (letter posted on TJX Web site Feb. 21): “As TJX’s President and Chief Executive Officer, I want our customers to know how much I personally regret any difficulties you may experience as a result of the unauthorized intrusion into our computer systems. We are working with leading computer security firms to investigate the problem and enhance our computer security in order to protect our customers’ data. . . . With the help of computer security experts, we have strengthened the security of our computer systems and we believe customers should feel safe shopping in our stores. We value the trust our customers place in us and again, I’d like you to know that we sincerely apologize for any difficulties you may be caused. Thank you for continuing to shop at our stores and for your years of loyal patronage.”
Respectfully,
Carol Meyrowitz
President and Chief Executive Officer
Perfect Apology ranking: 5. The problem was blamed on an “unauthorized intrusion,” so the apology doesn’t acknowledge responsibility. Customers easily can see the obvious distinction between “regretting difficulties” caused by “intruders” who “compromised” security (that is, ‘it was out of our control’), and a sincere apology for the company’s failure to mount sufficient security to prevent this from happening (which is under their control). The CEO then thanks customers for “continuing to shop at our stores” instead of expressing at least some understanding for why they might not want to.