As companies inside and outside the tech sector increasingly collect and store delicate consumer data, organizations across the board have been forced to pay closer attention to issues around privacy and security.
When breaches of data and security involve private consumer information, the potential for negative impact on corporate reputation and trust runs high.
"It becomes a massive reputation issue for the brand that has the relationship with the consumer or the customer," says Pete Pedersen, global technology practice chair at Edelman.
On the corporate end, there has been a shift away from delegating security as a legal or IT spend and a movement toward investing more heavily in planning and communications around privacy and security. One way of doing so has been through hiring chief security officers and chief privacy officers to manage policy, regulatory, technology, and communications elements that lay within this important space.
"Companies are starting to see how their communications around privacy and security can actually be a differentiator in the marketplace," explains Pedersen.
The power of clarity
Companies that present information to consumers in very clear, understandable language without hiding behind legal speak are perceived more positively by consumers than those using dense or insufficient information.
Verizon has a chief security officer, but also handles these issues collaboratively across the full enterprise. Torod Neptune, the company's corporate VP of communications, says Verizon is "aggressive in informing consumers about what they should do and what they need to be aware of in this space." It also makes a proactive effort to constantly provide information, guidance, tips, and best practices to consumers on a regular basis.
"We have the philosophy that a good offense is the best defense," adds Neptune.
Sarah Tyre, MD of Burson-Marsteller's issues and crisis group, says companies should be ready to communicate about privacy issues with any group of stakeholders, from consumers to business partners, regulators to members of Congress.
It is now expected that at a moment's notice, a corporation must be ready, willing, and able to share information about the data they possess, what they do with it, what they share and with whom, and how they protect it.
"All companies are in the data-management business to some degree," explains Tyre. "You don't need to be a social media site or e-commerce business to think about this."
As more companies become aware of their possible vulnerability when it comes to data possession, it's prudent they be prepared for a breach and the substantial communications needs that accompany it.
"At this stage, it's a question of when, not if," adds Tyre. "Regardless of the level or type of data, there is a strong likelihood it will be compromised at some point."
Burson's crisis group works with clients on a range of security issues, from providing crisis readiness diagnostics, to digital crisis simulations, to communications planning and support. This often involves the in-house communications team, the chief security and privacy officers, and legal teams.
"If you have not talked at a senior-management level about the communications and operations needs to address a breach, now is the time," advises Tyre. "People's willingness to forgive will decrease, so companies have one chance to get it right."
The field of privacy has exploded in recent years, as organizations realize the increasing need to bring on privacy professionals who can provide expertise and guidance on mitigating risk in the security environment.
Trevor Hughes, president and CEO of the International Association of Privacy Professionals, says the roles of his organization's members often extend beyond compliance and law into other departments, such as marketing and HR, in ways that can drive ROI and reduce risk.
"Consumer-facing brands need to pay attention to this issue - and they have," says Hughes.
• The number of large-scale data breaches dropped significantly in 2010, while small scale attacks increased.
• Hacking and malware was responsible for half the attacks surveyed in 2010 and for 80% of data lost.
• Outsiders were responsible for most data breaches, whereas insiders/employees were responsible for only 16% of the attack.
• Stolen passwords and credentials are a huge issue, according to the report, particularly within the retail, financial services, and hospitality industries.
Source: Verizon's 2011 Data Breach Investigations Report, prepared in collaboration with the US Secret Service