In the era of cloud computing, any incident pertaining to privacy or security -- even a minor one -- is the fastest way to erode brand equity and consumer trust. Botching the communications around these events or, worse, not being proactive ahead of time to think the unthinkable, could clinch that your brand may never be able to stage a comeback.
Sound ominous? It is . Yet few companies outside the tech world have strategies to think through how potential privacy and security issues could impact their brand equity as more data migrates to the cloud.
Here are three maxims every company should keep top of mind. These best practices come out of the technology industry which, according to our data, has long been the most trusted.
At a basic level, Dropbox and Evernote are similar companies. Both store personal information in their cloud and seamlessly sync it across a myriad of devices. Both have millions of loyal users, many of whom pay for their services. However, that 's where the similarities end.
Evernote has been exemplary in not only disclosing how it stores user data but in showing even novices how to encrypt it. Its executive management -- especially CEO Phil Libin -- and marketing and support teams are all individually visible online in social media and offline at events. They are approachable and accessible. This human touch helps them earn trust over time and could insulate them.
Dropbox, by contrast, is more opaque. Its blog and Twitter accounts are updated infrequently, and even its most loyal users probably couldn't name the company's CEO. Had they been more proactive in communicating in a human voice over the years, they might have been able to more easily manage a major security incident last week that left millions of personal files unlocked for four hours.
Almost every company today has a privacy and security policy and/or a terms-of -use page on its website. Unfortunately, these are written by lawyers and are complex. Therefore, most consumers don't read them and don't have any idea just what data they are entrusting in exchange for services.
Amazon, as Forrester Research has pointed out in the past, also uses plain language to explain what information is shared with Facebook for those who choose to link their accounts. This communication goes beyond what Facebook already shares once an authorization is requested.
The lesson: Over-communicate on privacy, but do so in a simple, human tone.
Data flow today like electric power over copper wires. This means that one mishap somewhere on the grid can bring others down fast. Few companies, even in technology, have taken the time to fully think through not just their own vulnerabilities but the risks that could ensnare them from deep within their byzantine maze of partners.
The Epsilon and Gawker Media incidents earlier this year are good examples of how a privacy or security gaffe beyond your own control can make your customers, and thus your brand, vulnerable.
In both cases, thousands of email addresses, and in Gawker's case, passwords, were released into the wild. Given that many consumers use the same address and password across different sites, these incidents left high-value targets -- such as banks -- vulnerable to email harvesters and hackers. Some, such as LinkedIn (an Edelman client) chose to be proactive and reset logins, just to be safe.
In developing a plan, look for the weakest link in your data trail and have a robust plan for thinking just how a security situation outside your control might affect your brand. Have a plan for dealing with the questions that will come in not just from the media, but from consumers directly via your Facebook and Twitter embassies. Also consider preparing for these vulnerabilities ahead of time by hosting joint "war games" with key partners.