By Terry Corbell
Management Lessons from Epsilon’s Email-Breach Scandal
Noteworthy management lessons have evolved from the alleged data-management program at Epsilon. Obviously, Epsilon’s data management was an oxymoron. It wasn’t managed properly.
As we learned in April of 2011, the email marketing firm allowed hackers to access the names and email addresses of countless millions of businesses and consumers. All of us needed to brace for the inevitable threats of spam and scam.
But this wasn’t just a crisis-management issue.
If the email breach isn’t problematic-enough, what’s also troubling is the apparent culture at Epsilon and its parent company, Alliance Data. Their Web sites said little about their privacy concerns. But more on that later.
The only evidence of an Epsilon apology came about a week later on April 6 in a press release:
“We are extremely regretful that this incident has impacted a portion of Epsilon’s clients and their customers. We take consumer privacy very seriously and work diligently to protect customer information,” said Bryan J. Kennedy, president of Epsilon. “We apologize for the inconvenience that this matter has caused consumers and for the potential unsolicited emails that may occur as a result of this incident. We are taking immediate action to develop corrective measures intended to restore client confidence in our business and in turn regain their customers’ confidence.”
The press release also stated Epsilon has launched a forensics investigation in cooperation with federal authorities.
Granted, the press release is a positive step. But it’s troubling that Epsilon took so long to issue a statement, and it’s symptomatic of what’s contributing to the worsening image of big business.
After reading and commenting on the security scandal, a leadership blog with a video caught my eye — Harvard’s Michael Porter on How Business Can Recapture Its Reputation. (As an author of 18 books, Dr. Porter is known for his thought-leadership in management and competitiveness.)
An excerpt from his comments:
“…I think that business have tended to look at themselves as self-contained and I don’t think they have really understood the way in which they touch the community and that they touch so many social issues. The external standards, of course, have risen in terms of what is expected of a business and the standards, for things like environmental impact, is much higher now than before. So businesses get caught by surprise, they are slow to raise their own internal standards, and I think their reputation suffers.”
Ostensibly, Epsilon, Alliance Data and some corporations consider themselves self-contained and they need to raise their standards.
Here are other management lessons to consider:
In a previous column (Epsilon’s Security Flaw Threatens Millions of Businesses, Consumers) one of my concerns was one of appearances. It still is. Epsilon’s Web site touted its email marketing abilities. But nowhere was enough evidence to indicate it was concerned about privacy; nor was there adequate contrition. Appearances are important.
Further, culture starts at the top. Aside from a tardy apology and inadequate contrition, what about Epsilon’s empathy for its customers and their millions of customers? What steps are being taken to prevent future breaches? Not only is Epsilon lacking in appearances, so is its parent company, Alliance Data. Alliance has earned an infinitesimal amount of money profiting from consumers’ data.
However, its Web also site fails to create a positive impression about privacy. I’d definitely include a value proposition about privacy protection. Instead, it merely appeals to corporate desires for profits. Note its branding slogan, “Solutions That Drive Sales, Create Brand Loyalty …” The home page headline reads: “Getting results starts with knowing your customers.” Certainly, the cyber criminals have a better chance of knowing millions of businesspeople and consumers.
The lack of due diligence provides another management lesson. One would think that Epsilon’s 2,500 corporate customers would hesitate to turn over the email addresses of their millions of customers. What about their business reputations?
A certified project manager in Baltimore provides another management lesson.
“Perhaps the solution is to de-couple data warehouses and the Internet,” says David G. Peterson.
“Having been in IT for over 30 years, I know that networks can be cracked,” he adds. “I was never keen on data warehousing outside an organization, and this incident only confirms my worst fears.”
In other examples of best management practices, some customers of Epsilon have done an outstanding job of warning their customers. Others haven’t bothered, according to at least one professional, Gail Wallace, who responded to my initial column with her management lesson.
“Before the breach was public knowledge my first warning came from, of all companies, Kroger,” says Ms. Wallace, president of Bellwind Consultants in Dallas. “Next came U.S. Bank a few hours later. After the news carried the story of the breach, I received a warning from Best Buy. A friend of mine received a warning from Robert Half International as he is job hunting.”
So, thanks and congratulations are in order for Kroger, U.S. Bank, Best Buy and Robert Half.
However, Ms. Wallace provides another management lesson. She says two major banks failed to keep her informed – Citigroup and Capitol One – which prompts her to ask pointed questions:
“Does this mean they don’t care about their customers? They don’t want to spend the money to warn their customers? They were too embarrassed to admit the breach? Did they simply rely on news reports to get the word out?”
“Many other companies may have been proactive with whom I have no affiliation, but those that didn’t warn their customers may find that their customers are less than happy and might even lose customers over the neglect.”
Agreed. They’re hurting themselves by exacerbating the Epsilon faux pas.
My sense is that it’s worth noting that Citigroup and Capitol One received taxpayer bailouts. One has to wonder about their corporate sense of entitlement and lack of contrition. Certainly, they haven’t learned lessons in management. This doesn’t help the nation, the economy or their customers.
Let’s hope all such corporations watch Professor Moore’s interview and utilize another best-practice in management listening to people such as Mr. Peterson and Ms. Wallace. Further, I’d launch a quality human resources training program – from top to bottom – to change their cultures and business approaches.
But will they make the right investment?
From the Coach’s Corner, here are related articles:
- Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy?
- Public Relations Expert Provides Crisis Management Tips
“Character is like a tree and reputation like a shadow. The shadow is what we think of it; the tree is the real thing.”
Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.