Boss, I Think Someone Stole our Customer Data

I didn’t know much about data security when I first started helping to shape the content for the 2007 Visa Security Summit.  One of the skills I brought to my role of Director of Harvard Business Conferences was the ability to look at a thought leadership challenge faced by a company, get up to speed on it quickly, and frame it in a way that was compelling for the target audience to be influenced (and legitimate for HBP to be talking about). From there, I worked to create content that met high editorial standards, was objective, and yet which still helped the sponsoring company meet its communication goals. In other words, I helped companies get beyond their own marketing hype to see how their customers viewed the world and to deliver meaningful information to help those customers solve an important problem.

I see thought leadership as an algabraic equation: given challenge X, your customers will be better equiped to meet that challenge if you educate them about Y. The sponsoring company gives you X and you solve for Y. The customer remembers the sponsoring company as the source of the knowledge and thinks of them as the smartest folks regarding that challenge and this makes them more likely to call. In addition to Visa, I led efforts to do this for UPS (global trade and supply chain management), Accenture (adoption challenges with electronic health records), Coca-Cola (happiness), Nuance (customer experience), SAS (analytics) and others.

After the Visa summit, I turned what I learned into a case study for Harvard Business Review (repurposing content is part art and part science), “Boss, I Think Someone Stole our Customer Data”:

Flayton Electronics is showing up as a common point of purchase for a large number of fraudulent credit card transactions. It’s not clear how responsible the company and its less than airtight systems are for the apparent data breach. Law enforcement wants Flayton to stay mute for now, but customers have come to respect this firm for its straight talk and square deals. A hard-earned reputation is at stake, and the path to preserving it is difficult to see. Four experts comment on this fictional case study in R0709A and R0709Z. James E. Lee, of ChoicePoint, offers lessons from his firm’s experience with a large-scale fraud scheme. He advises early and frank external and internal communications, elimination of security weaknesses, and development of a brand-restoration strategy. Bill Boni, of Motorola, stresses prevention: comprehensive risk management for data, full compliance with payment card industry standards, and putting digital experts on staff. For the inadequately prepared Flayton, he suggests consulting an established model response plan and making preservation of the firm’s reputation its top priority. John Philip Coghlan, formerly of Visa USA, discusses the often-divergent positions of data-breach stakeholders and puts customers’ interests first. Swift disclosure by Flayton, he argues, would empower consumers to protect themselves against further fraud and might even enhance the company’s reputation for honesty. Jay Foley, of the Identity Theft Resource Center, recommends that Flayton emphasize quality of communication over speed of delivery. More broadly, he advocates cautious management to prevent data thefts, which are proliferating and could have long-term consequences.

I’ve gone on to teach this case several times for the Insitute for Advanced Network Security –now known simply as IANS (where I am on the faculty for leadership and management) and I know that it used at the Worcester Polytechnic Institute and other institutions of higher education.

As with all of my work for Harvard Business Publishing, it is still for sale on their site so I can’t post the entire article. They’ll be happy to sell you a copy.

Related Posts with Thumbnails
%d bloggers like this: