Is 5 days fast enough when it comes to Crisis Communications?
Monday, August 27th, 2007While playing 18 holes of golf at Van Cortlandt Park in the Bronx over the weekend, I read online that it took Monster.com about five days to disclose a data breach where the personal information of a whole mess of grumpy job seekers, hoping that posting their resumes on Monster would result in a life of happiness and prosperity, got stolen.
I can’t answer the question about whether five days was too little or too much, but I can give you an idea about what you need to know before you disclose to customers, the media and in most cases your bank and credit card companies. You need to know what happened, what and how much was stolen, who was affected, and what you are going to do to make sure it doesn’t happen again. Maybe not with 100% certainty what happened or who the perpetrator(s) were, but enough to know generally what broke, so that you can assure customers you will fix it.
This ultimately comes down to a trust game, and I’d advise anyone to have more information (even if it takes a few days extra), then less. Saying “we’re screwed, we just don’t know how big the pole is” doesn’t engender confidence in your customer base. If you can’t get that information after a certain amount of time, then you need to disclose anyway - but understand you’re going to be pummeled ala TJX.
That’s why I harp time and time again about crisis communications. It’s going to happen to you, it’s just not clear when.
Bookmark to:
