A business’s ability to protect personal information and communicate the circumstances of a data breach can impact customer loyalty and an organization’s trustworthiness and reputation, according to a recent study by Experian and the Ponemon Institute.
In fact, according to more than 700 survey respondents, 72 percent of people who received notification of a data breach were dissatisfied with the communication and often felt the need for more information.
While the study highlights the importance of notifying consumers in the aftermath of a data breach, additional key findings include:
Notifications are unclear: Survey results indicate communication following a data breach often is unclear.
- An estimated 41 percent of respondents noted that their data was most likely stolen. However, 37 percent stated that they don’t know what the data breach incident was about, an increase from 28 percent of respondents in the 2005 study.
- Sixty-seven percent say the data breach notification did not provide enough details.
- Nearly 61 percent of respondents indicated having problems understanding the notification.
Consumers expect organizations to protect them from identity theft: Following a data breach, consumers believe organizations have obligations to protect them from identity theft and provide compensation.
- An estimated 63 percent of respondents believe organizations should be obligated to compensate data breach victims with cash, their products or services.
- Fifty-eight percent say the organization has an obligation to provide identity protection services, and 55 percent say they should provide credit-monitoring services.
“In the aftermath of a data breach, it is imperative to a company’s reputation that it take the necessary steps to inform those affected by the incident in a timely and transparent fashion,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.
“As shown in the findings of this consumer study, resources spent on personalizing the message, offering assistance to reduce the likelihood of identity theft and providing specific information about the nature of the incident help reassure victims that the organization truly has the customer’s well-being in mind,” he added.