Corporate apologies don't mean much
Data breaches force company executives to apologize, but a bad apology can make things worse
By Jon Brodkin, Network World, 03/14/2007
There are so many ways to say you're sorry. And few organizations have had as many opportunities to apologize over the past two years as those that handle the sensitive personal information of Americans.
Since the beginning of 2005, the Privacy Rights Clearinghouse has kept a running total of publicly disclosed data breaches that expose information potentially useful to identity thieves, such as Social Security numbers, credit card account numbers and driver's license numbers. On Dec. 13, the theft of a Boeing laptop containing the personal information of 382,000 current and former employees brought the total number of U.S. data breach victims to more than 100 million.
Security expert and author Bruce Schneier has said he thinks “everyone in the U.S. has been the victim of at least one of these already.”
Companies in damage control mode offer a range of apologies, some that sound sincere and others that appear to deflect blame.
Network World compiled a list of 10 data breaches and resulting apologies (see accompanying story), and asked team members at Perfect Apology to rate each one in our list. They were not impressed by the mea culpas.
“Many of the CEOs made the same standard mistake,” Perfect Apology writes. “They passed the buck by assigning most of the responsibility to other forces or actors, and by emphasizing ‘regret’ rather than expressing a sincere and credible apology for their company’s failure to meet their customers’ reasonable security needs and expectations.”
The makers of Perfect Apology do not reveal their real names, but say they come from a variety of backgrounds: a teacher and writer on international relations, nuclear proliferation and global terrorism; a chief strategy officer for a dot-com company in Silicon Valley; and a database administrator. They say they used their “collective expertise in research and problem solving” to examine apologies offered by celebrities, athletes, government leaders, business executives and the Pope. Every mistake has a “perfect apology,” they claim.
ChoicePoint, which agreed to pay $15 million in penalties after 163,000 consumer records were compromised in 2005, earned a good review from Perfect Apology for detailing the steps it took to prevent a recurrence and for apologizing to consumers affected by fraudulent activity.
Boeing, on the other hand, earned Perfect Apology’s lowest score for a non-apology issued by CEO Jim McNerney after the laptop theft exposing sensitive employee information. Instead of taking responsibility, McNerney wrote in an e-mail to employees that “I’m just as disappointed as you are about it.”
“None of the apologies acknowledges any real responsibility for the loss of security,” Perfect Apology writes. “Also, very few of these apologies explained what the company was prepared to do to prevent the same thing from happening again.”
Companies that expose data could take a cue from JetBlue, an airline that drafted a customer bill of rights after recent flight delays left passengers stranded aboard planes for hours.
Comments (2)
Data breaches and apologies
By Anonymous on March 14, 2007, 2:55 pm
I wrote about leaks and apologies before at securetheworld.blogspot.com/...leaks.html Re: If you don't apologize, you'll be sorry.
Looks like someone wants an
By Anonymous on March 15, 2007, 11:00 am
Looks like someone wants an apology