data breach delighted victimsWhen starting ID Experts, Rick Kam, president and co-founder, had a vision for creating a company that reduces the risks to privacy and security of personal information that we all face in today's world. Along with his vision, he established a unique culture and the concept of creating a “delighted victim” following an organization’s loss of personal information.

Individuals notified that their personal information was lost or stolen are usually not happy about that. And, in the digital age, where communication is constant and feedback ubiquitous, a negative customer experience has become even more damaging than it used to be. With data loss incidents, customers are upset that personal data was lost and can become even more infuriated when the organization’s response is inconsistent and confusing.

The often unstated challenge in any data breach, whether in the private sector or in government, involves customer service after the breach occurs. However, it’s arguably an even greater challenge in the public sector, because public trust in government institutions takes a blow every time an incident is not managed well.

Ransomware 101: What to Do When Your Data is Held Hostage

So, how do you create a delighted victim? Focus on the customer experience.

In the private sector, many large companies have responded to this newfound customer empowerment by creating the position of chief customer officers. This role is laser-focused on the overall customer experience, identifying – and fixing – any pain points before they can undermine the brand.

This same trend is evident within the Federal government. For example, the General Services Administration (GSA), the Department of Veterans Affairs (VA) and the Export-Import Bank established the Chief Customer Officer position. The Social Security Administration’s Vision 2025 effort, described as a critical first step in planning how customers will be served in the future, also reflects this focus on the customer.

In addition, the Office of Management and Budget (OMB), earlier this year launched the Core Federal Services Council, which would be “a government-wide ... vehicle to improve the public’s experience with federal services” and to “identify challenges to improving customer service for their programs.”

All of this customer goodwill can vanish in an instant, however, when a data breach is managed poorly. Any organization that experiences a data breach exposing sensitive customer information is going to take a hit on its public perception. That’s true no matter the type of organization or where the fault for the security breakdown lies.

How an organization responds to an incident, and, in particular how customers are treated, in large part determines how big and how long-lasting that reputational hit will be. In government, trust in public institutions is also at risk.

Creating delighted victims (customers) starts with being focused on the overall customer experience and the agency incident response team should reflect this.

This team can vary from organization to organization, but typically includes executives and program leaders from information technology, security, compliance, legal, human resources and public relations. Those responsible for customer experience should also be added to this list, because they can ensure that your agency utilizes all communication channels and related program investments to speak with one, authoritative voice across the organization and to customers.

This approach can include preventative engagement and education campaigns that engage employees and customers as the first line of defense against exposures of personal information. For example, the U.S. Department of Veterans Affairs (VA) Identity Safety Service educates VA employees and Veterans about the causes, effects and prevention of identity theft, and provides assistance to Veterans and other groups affected by it. The Air Force also recently launched a yearlong “Cyber Secure” campaign to address this same issue.

When an incident occurs, those responsible for the customer experience can also help create delighted victims by having a responsive communication plan that ensures consistent messaging across all channels. The omni-channel approach means answers to frequently asked questions are easily available, updated when necessary, and consistent across websites, call centers, social media and other communications modalities.

A proper breach response can create if not “delighted victims,” at least satisfied ones. While an organization may have lost their personal data, delighted victims feel comforted by a consistent, coordinated and positive customer experience.

In part, this is programmatic. For example, ensure the identity protection services offered address the risk associated with the data loss (i.e. financial, personal, medical data) rather than just offering credit monitoring, leaving the victim to fend for themselves. Agencies should also ensure that customers have ongoing support, if needed, in the form of identity restoration services and consistently communicate the availability of those services to customers.

So, what does a delighted victim look like?

A recent meeting with a government client started off by one individual stating “My Wife Loves You!”. She received a notification letter, enrolled in services and months later had an issue with identity theft. She learned about the identity restoration services through a coordinated communication plan and took advantage of the offering.

While nobody likes to receive such a letter, she was comforted by the organization’s comprehensive response and the ongoing support provided to restore her identity to pre-identity theft status.

Paul Norton is director for government sales at Portland, Ore.-based ID Experts.

Ransomware 101: What to Do When Your Data is Held Hostage