Exposing sensitive personal information means always having to say you’re sorry. Some people do it better than others, however.
Here are 10 examples of data breaches and the resulting apologies issued by companies, universities, and one government agency. After each apology, the team from the Web site Perfect Apology weighs in with a detailed evaluation and ranking on a scale of 1 to 10. Read through the list to find out who scored a -3 on the Perfect Apology scale.
Information in this list comes from the Privacy Rights Clearinghouse, the Web sites of the companies listed, and various news accounts. For an analysis of the evolution of these responses, click here.
Breach: The Massachusetts-based retailer, which operates T.J. Maxx, Marshalls and other stores, warned customers in January that its computer network had been broken into in May 2006, compromising customer credit-card information and other data. TJX announced in February that an investigation showed intruders had gained access to TJX systems almost a full year earlier than initially thought and had compromised more payment card data than initially believed.
Apology (letter posted on TJX Web site Feb. 21): “As TJX’s President and Chief Executive Officer, I want our customers to know how much I personally regret any difficulties
you may experience as a result of the unauthorized intrusion into our computer systems. We are working with leading computer
security firms to investigate the problem and enhance our computer security in order to protect our customers’ data. . . .
With the help of computer security experts, we have strengthened the security of our computer systems and we believe customers
should feel safe shopping in our stores. We value the trust our customers place in us and again, I’d like you to know that
we sincerely apologize for any difficulties you may be caused. Thank you for continuing to shop at our stores and for your
years of loyal patronage.”
Respectfully,
Carol Meyrowitz
President and Chief Executive Officer
Perfect Apology ranking: 5. The problem was blamed on an “unauthorized intrusion,” so the apology doesn’t acknowledge responsibility. Customers easily can see the obvious distinction between “regretting difficulties” caused by “intruders” who “compromised” security (that is, ‘it was out of our control’), and a sincere apology for the company’s failure to mount sufficient security to prevent this from happening (which is under their control). The CEO then thanks customers for “continuing to shop at our stores” instead of expressing at least some understanding for why they might not want to.
Partner Content
www.netscout.com
VOIP OPTIMIZATION
Optimize and assure the delivery of Voice over IP services with a superior packet based management platform that delivers unified views and analysis of voice, video and data traffic.
Download Technical Note
VIRTUALIZATION SIMPLIFIED
Industry analyst Jim Metzler helps identify how to overcome the challenges of managing virtualized server environments in this in-depth whitepaper.
Download the Whitepaper
Managing Modern IP Networks
Industry expert Nate Kalowski discusses the best practice approach of a Performance Assurance Layer (PAL), built in an ITIL framework, as a means to speed problem resolution and enable high quality QoS.
Download the Whitepaper