How to Communicate News of a Data Breach to Your Clients

How to Communicate News of a Data Breach to Your Clients

The regularity of data breaches should have us considered how we would react if we’re targeted. Notifying clients that they’ve been betrayed is daunting. Data breaches, in general, are already stressful enough. When they occur there are oftentimes feelings of shame and reluctance to notify impacted subscribers. It would be a huge misstep to avoid reaching out to customers during this critical time. Show your customers they are your highest priority and your working hard to resolve the situation. You’ll most likely have to send it to your entire subscriber list. Follow these best practices to restore your customers’ trust.

Speak to Them Genuinely

Customers may feel betrayed, vulnerable and suspicious. They trusted you with their information, and now that information has been exposed. While keeping a serious, calm tone is important (to avoid mass panic), also remain sincere, apologetic and helpful.

It’s important to use simple English when discussing the situation. A data breach is scary enough without having to read an email that makes absolutely no sense to the average recipient. While some legal jargon might be unavoidable, try to keep the language as clear and simple as possible.

However, keep in mind that data breaches can have a major impact on the subscriber’s actual life. Using humor or too light of language can imply that you aren’t taking the situation seriously and rub customers the wrong way.

Provide Plenty of Info, and Make it Easy to Read

Offering the full story to customers may be nearly impossible. However, some type of information is warranted from your customers’ standpoint since it’s their information that was exposed. In any case, try to answer the who, what, where, when, why and hows. 

The notifying email is likely to be very long and very text-heavy. During times of panic, most subscribers are likely to skim the email to get a general idea of what is going on. Make skimming easier for them by using bolded headlines to emphasize the key points most significant to them. 

Recommend Next Steps

 If you are aware of the information that is exposed (such as credit card information, address, and other personally identifiable information/PII), be sure to include next steps on what customers can do to protect themselves so they don’t feel like you’ve left them to defend all on their own. If applicable, customers should contact their bank or credit card companies immediately. 

Stay on Brand 

Your customers are in an extremely vulnerable state, making suspicions naturally elevated. Ensure the branding of your email is easily recognizable, and that the friendly from line, as well as the sending domain, align with the rest of your emails.

Personalization isn’t Needed

While personalization is beneficial for the majority of the time, it’s not appropriate for breach notification. Subscribers already feel exposed, and using personalized content can indicate to subscribers that you don’t take privacy seriously. Use “Valued Guest” or “Customer” rather than first name personalization.

Avoid Links & Third-Party Domains 

You’re notifying subscribers that their information is compromised, so they’re unlikely to feel comfortable clicking on a link in the email. Avoid using links within the email, and definitely don’t use link shorteners. You must be very cautious of what you send for data breach notifications as it can easily raise even more suspicion. 

Any business in any industry could face a data breach and have to work through the aftermath. Privacy & Network Security insurance is a must for firms of all sizes to protect against this widespread exposure.

About PL Risk

In addition to bringing you the latest news from the insurance industry, PL Risk provides Resources for Agents and Brokers nationwide. We’ve recently implemented Hiscox Now, which allows agents their own access to Hiscox and instant quoting. To learn more about our operations, contact us today at (855) 403-5982.

Bookmark the permalink. Follow any comments here with the RSS feed for this post. Both comments and trackbacks are currently closed.