When sorry seems to be the hardest word..
/If you picked up the newspaper today, you will have read of the reported data breach by Woolworths.
Here is a snapshot of the story:
Fairfax Media has obtained a copy of the email which contained an excel spreadsheet with the names and email address of thousands of customers and a downloadable link to 7,941 vouchers, worth a total of $1,308,505. It is understood the spreadsheet was emailed to more than 1000 people, all of whom could access the gift card codes and immediately begin shopping." – The Sunday Age, 31 May 2015.
I am going to focus just for a moment on the incident, but more importantly I want to look closer at the response and highlight a lesson in damage control.
We know a mistake has been made and it’s quite possible that your or my personal details have been leaked to the world. Let's be honest, companies employ people and sometimes these people make mistakes. Ultimately the company has to take responsibility and they wear the blame.
In this case, everyone knows that in today's world, there is always a risk when you submit your details, that there is every chance that one day that data may mistakenly end up in the hands of a 3rd party.
One of the customer's interviewed was reported as saying "hopefully my email address doesn't end up somewhere where it permanently gets lots of spam."
I don't know about you but I get spam emails every hour and I have no idea where they come from so there's no way that customer will ever know.
What bothers me with all of this is the message coming out from Woolworths. Where is the apology?
It is one thing to make a promise to investigate how the incident happened, but start with showing some respect to your customers. The first communication needs to be a straight out apology and that's precisely what is missing.
As reported by Fairfax Media, here is what Woolworths did write in their formal statement; "Woolworths takes the concerns of its customers and data security seriously," the statement read. "We experienced a technical fault with an e-voucher offered to customers this week. We are working to resolve the issue and are assisting customers."
Why don't we see the words "We're very sorry" anywhere in that press release?
Companies in these situations need to be proactive and show leadership. However all too often they fail to take decisive action. Whilst Woolworths investigate further, an apology for the fact that the incident occurred would have been so much better than what they said.
And by the way, I don’t know if they really are assisting customers. As one customer said "I tried to call Woolworths but no one picked up the phone." A quick glance at their website tonight and there is still no mention of the incident, not even under their 'Latest News' section.
If you want your customers to respect your organisation then don't roll out the party line like a politician who can't admit fault or accept responsibility whilst hosing down the seriousness of a blunder. This was a data leak! Think how much worse it would have been if the email had included credit card information!!
If I were advising Woolworths, the statement would have read more like this;
We are investigating the facts and as yet we are not in a position to make a comment. To all of our customers who have been impacted by this situation, we are extremely sorry. We will provide answers as soon as we have more information available".
Open and honest communication wins respect with customers. Anything else leaves people questioning their loyalty to the brand and to the organisation and that is not clever in business.
To the PR department at Woolworths, step up and take the lead. Issue a statement that says it as it is.
This week I hope to read a follow up press release with a clear message that says yes we did it, it was a genuine mistake, we are extremely sorry and here is what we are going to do to make it up to you. Most importantly thank you for your loyalty.
Let's watch this space.