BrainTrust Query: The Epsilon Imperative
Through a special
arrangement, presented here for discussion is a summary of a current article
from the Tenser’s Tirades blog.
In what some observers say was the largest
breach of consumer data in history, servers at Epsilon Interactive, the database
services company, last week were compromised by hackers, exposing the names
and email addresses of millions of American consumers to the spam-o-sphere.
hours, alerts hit my personal inbox from Kroger, Target, Walgreen and HiltonHHonors
informing me that one of my addresses was now in the wild. Why did these gigantic
companies have my email address stored in Epsilon servers? Simple. I am enrolled
in their frequent shopper programs. And until now, Epsilon was as reputable
and secure a place as you could get to host customer data.
The e-mails came
fairly promptly, showing these frequent shopper/guest list owners exhibited
some consciousness of responsibility for the incident. But there’s still the
legal and regulatory exposure.
Under laws enacted by 46 states since the notorious
TJX data breach that came to light in 2007, any company with a direct marketing
or frequent shopper list that fails to prepare and maintain a private data
response plan may be exposed to dozens of lawsuits brought by state attorneys
general. Legal fees and fines can spiral out of hand, and the secondary damage
to brand reputation may be multiplied along with it.
It seems that loyalty
programs just got harder to operate, but a great many consumer-facing businesses
consider loyalty and relevance-based marketing to be essential competitive
activities. Consumers expect the personalized services and rewards promised
by these programs. The databases deliver crucial insights that enable efficient
and well-targeted marketing.
While CIOs work feverishly at data security, it’s
up to the CMO and CCO to protect brand and customer equity by ensuring that
sound response plans and practices are put into place. They must confront new
- How is the consumer’s perception of our brand affected now that their
information has been violated?
- Is the value of our brand and customer equity negatively affected by a
data breach? How bad is the damage?
- Are we prepared to demonstrate our diligence to our customers and card
holders by mobilizing rapid notification and protective actions?
- What compensation can we provide to the consumer for their discomfort,
- Can our forthright response turn a data breach into a service recovery
opportunity so that we gain trust, not lose it?
In today’s world, the relevant question regarding data breaches is not “If?” but “When?” Set
against the backdrop of state and foreign regulations, this means loyalty and
direct marketers must maintain a dynamic preparedness and response plan that
can be triggered instantly by a negative event. This is a capability
few companies have today, but one that all should acquire.
Discussion Questions: To what degree is news of consumer data security breaches affecting the appeal of loyalty programs? How should retailers and brands protect both consumers and their brand equity against future breaches?