Those were the words of Epsilon Data Management Chief Executive Bryan Kennedy when hackers stole consumers email addresses. Epsilon, a unit of Alliance Data Systems Corp, was not required to divulge the breech. Kennedy had a choice, be proactive or keep it quiet. He chose the former. Calls went out to customers, a news release was distributed and Kennedy was available to answer questions. A few short years ago, this might not have been the protocol.
The rules have changed. Epsilon was counting on the general perception that computer security lapses are no longer uncommon, that corporations are doing their best to protect our data and that the sophistication of hackers is just getting more difficult to combat. Witness media coverage about alleged espionage, hacking into U.S. government systems for defense and CIA data. If the CIA cannot completely protect its data……
Ben Worthen and Anton Troianovski have written a thoughtful WSJ article in on how Epsilon, and indeed the industry, is wrestling with this issue (Firms Come Clean On Hacks, Friday June 17). It’s a good read. And hopefully one that causes you to re-look at your perspective on how to handle a crisis.