If you are like me, you have likely received a number of email notifications from companies stating that your email address may have been compromised. As a result of a security breach at email distributor Epsilon, email information was hacked that impacted 2% of Epsilon’s customers (for a list of known companies that were impacted, click here). Epsilon reportedly sends more than 40 billion emails annually, so there is a good chance that you or your customers were impacted by this security breach.
What does this have to do with the customer experience? In short, it erodes the trust that exists between the customer and the organization, and it is difficult to imagine a situation in which customer loyalty can be cultivated in the absence of trust. The reasons for this decay in trust are fairly intuitive:
1) Customers expect companies to guard their data – It is likely that every opt-in process disclosed that these organizations used a third party to manage elements of the customer experience (communication, promotion, etc.); however, customers rightfully expected that all steps would be taken to ensure that any information shared would be properly guarded.
2) Communication has been sparse – To Epsilon’s credit, it appears that they moved swiftly in alerting their customers once the breach was discovered; however, the details have not been as forthcoming to end consumers. Moreover, the tone of these messages has taken on a decidedly legal tone (likely for good reason), including statements that the company has been assured that only name and email data were compromised. As a consumer, I was left with the feeling that the company was relaying what they had been told, but they were not entirely confident in what they were reporting.
3) There is a feeling of a lack of control – The tone of the messages sent by companies suggest a lack of control of how sensitive customer data is stored, managed and used. This lack of control extends to the end consumer – that is, I feel as though once I share my information, I have lost all control with respect to how my data are managed. This increases skepticism, which reduces trust.
What should we expect the fallout to be as a result of this breach? For starters, we should expect that spamming and phishing attempts will skyrocket – this has been a topic that has been addressed in nearly every notification I have received. As a result, customers will be more apprehensive with sharing their information, and will be less likely to click on links in emails (for example, to take a customer survey). This will adversely impact response rates, which will beg the question as to whether our customer listening efforts are truly representative in nature.
Fortunately, there are steps we can take to proactively address this issue. In addition to advice provided by my colleague Becca Lewis (see Becca’s blogs on response rates here, here, here and here), Walker has written a book on tactics and strategies to increase response rates (if you are a Walker client and do not have this booklet, please ask your account team for a copy). Above and beyond this information, there are three additional steps companies should consider when launching a customer listening initiative in light of the Epsilon breach:
1) Provide a way to validate that the survey is legitimate – Many of our clients will construct a special website that customers can visit to validate that the survey request is legitimate. This is also a great opportunity to set expectations on how your organization will use the information (and the follow-up that customers should expect to see).
Given the extra concern over clicking links in emails, it may be preferable to have a link available from your home page to route customers to this page (as opposed to providing a link in the email notification). This also reinforces to all customers (even those who were not selected in the sample) that you are focused on listening to – and acting on – customer feedback.
2) Do not ask questions you should know the answer to – This is particularly important with respect to any sensitive account information such as account numbers, contact information, etc. Data elements such as these should be linked from your CRM data so that they can be leveraged in the analysis on the back end. This will not only streamline the survey process and prevent concern about sensitive information, but it will also focus on the most important aspect of the survey – getting the customer’s feedback on items that you do not already know.
3) Communicate early and often – This is a common theme, but it bears repeating – you cannot communicate enough with customers. Communication does not take a one-size-fits-all approach, either – you should consider things such as a CEO video embedded on your site, utilizing the front-line account team to alert customers of the coming survey (and take the lead on any follow-up), promoting the survey initiative in billing inserts, and so on. Taking a varied approach will maximize the probability that your customer will participate in the program.
Data breaches such as that experienced by Epsilon are unfortunate; it is my hope, however, that these tips will help you to take a proactive approach of getting ahead of the issue with respect to your customer listening initiatives. If you have other thoughts, please feel free to share them.
Mark A. Ratekin
Senior Vice President, Consulting Services