Thoughts on Crisis Communication, Epsilon and GoDaddy.com
Over the past few days, many of us have been flooded with email messages from various companies notifying us of a data theft that involved an unknown entity hacking into a computer system and stealing the names and e-mail addresses of customers. Prior to Monday, I didn’t know I had any connection to Epsilon, the company responsible for maintaining this data for blast e-mails and newsletters, but other companies I do business with obviously did.
Any unauthorized release of personal data should be cause for concern, but the sad reality is that we have almost come to expect these types of security lapses. While this announcement will undoubtedly encourage us all to be watchful consumers (see Seven Tips to Avoiding Post-Epsilon Phishing), I’ve been watchful from a PR perspective and it’s been interesting to see how quickly some of the companies notified their customers of the breach, and how slow others were to respond.
One of the most basic tenants of crisis communications is to offer an immediate and honest response, which often comes in the form of an apology. Some companies jumped on the news of the hacking and immediately sent e-mails to alert customers to the breach. Kudos go to Best Buy, a company that has left me waiting 30 minutes in a customer service line, but in this case was the first to notify me of the breach. Others including Citibank and Chase took a day longer to respond. TIAA-CREF, a huge financial services firm, took a few days more to notify me that my information had been stolen. I imagine there are other companies that have not yet reached out, and some that never will.
These companies should not necessarily be faulted for the security lapse. However, those that were slow to engage their customers, or have yet to inform them of the breach, should be held accountable for what can only be described as poor communication and customer relations practices. As a customer, that matters to me, and I appreciate the immediacy and honesty of the responses I have received thus far. As a public relations practitioner, I applaud good communications practices and believe they reinforce positive brand perceptions.
The trust built between companies and consumers is a valuable commodity. Building an image as a responsible and trustworthy company takes years, often decades or more. On the flipside, one major communications misstep can shatter all of that good will, which can be devastating to a company and its brand. Take the image problems created this past week when GoDaddy.com CEO Bob Parsons posted a video of himself killing an elephant in Zimbabwe. Parsons tried to explain the reasons for the kill, but the outrage was instant and the incident may haunt Parsons and the company forever. Tens of thousands of GoDaddy customers have fled the domain registrar and competitors are offering specials, including donations to animal rights groups, for those who switch companies. The social media universe has been abuzz with negative reactions to the video, and Twitter users are using hashtags #godaddy and #movingdomains to chastise Parsons and GoDaddy.
So far, Parsons has refused to execute Step One in the crisis communications handbook: The Apology. Admitting you screwed up often goes a long way. If you can’t even get there, forget about the critically important Step Two: Communicating how to prevent that screw up from ever happening again. Parsons is not afraid of controversy, but when it causes significant, and potentially irreparable harm to his company’s bottom line, sometimes you have to put ego aside and eat crow to survive.
Ultimately, we are all responsible to our customers, and they expect transparent and responsible communications. Keeping them apprised of important information, and developing plans for those “oops” moments, can help us get back up when we stumble.