Experian Data Breach Resolution and Ponemon Institute study indicates consumer confusion following a data breach
COSTA MESA, Calif., June 4, 2012 /PRNewswire/ — A business’s ability to protect personal information and communicate the circumstances of a data breach can impact customer loyalty and an organization’s trustworthiness and reputation, according to a recent study by Experian Data Breach Resolution and the Ponemon Institute. In fact, according to more than 700 survey respondents, 72 percent of people who received notification of a data breach were dissatisfied with the communication and often felt the need for more information.
The Ponemon Institute conducted a similar study on data breach notification letters in 2005. At that time, only 12 percent of respondents said they had received letters informing them about a data breach involving their personal information. Seven years later, that number has increased to 25 percent. The reason for the increase is linked to the fact that 47 states have implemented data breach notification regulations, policies and guidelines that organizations must abide by once personal information has been lost or stolen.
“While it’s important for companies to do everything possible to safeguard consumer data, it’s just as important to communicate effectively in the event of a breach,” said Michael Bruemmer, vice president at Experian Data Breach Resolution. “Effective and appropriate communication to customers who have been impacted by a breach includes describing the type of data that was lost or taken, an estimate of probability that the data will be abused and the business recourse that the company will offer.”
While the study highlights the importance of notifying consumers in the aftermath of a data breach, additional key findings include:
Notifications are unclear — Survey results indicate communication following a data breach often is unclear.
- An estimated 41 percent of respondents noted that their data was most likely stolen. However, 37 percent stated that they don’t know what the data breach incident was about, an increase from 28 percent of respondents in the 2005 study.
- Sixty-seven percent say the data breach notification did not provide enough details.
- Nearly 61 percent of respondents indicated having problems understanding the notification.
Consumers expect organizations to protect them from identity theft — Following a data breach, consumers believe organizations have obligations to protect them from identity theft and provide compensation.
- An estimated 63 percent of respondents believe organizations should be obligated to compensate data breach victims with cash, their products or services.
- Fifty-eight percent say the organization has an obligation to provide identity protection services, and 55 percent say they should provide credit-monitoring services.
“In the aftermath of a data breach, it is imperative to a company’s reputation that it take the necessary steps to inform those affected by the incident in a timely and transparent fashion,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “As shown in the findings of this consumer study, resources spent on personalizing the message, offering assistance to reduce the likelihood of identity theft and providing specific information about the nature of the incident help reassure victims that the organization truly has the customer’s well-being in mind.”
To access the full Consumer Study on Data Breach Notification report, visit www.experian.com/notificationstudy.
For more information, visit http://www.experian.com/databreach.
About Experian Data Breach Resolution
Experian® is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at ConsumerInfo.com, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit http://www.experian.com/databreach.
Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.
Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2012 was US$4.5 billion. Experian employs approximately 17,000 people in 44 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and SÃ£o Paulo, Brazil.
For more information, visit http://www.experianplc.com.
Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.
1 323 202 1075
Experian Data Breach Resolution
1 949 202 7296
SOURCE Experian Data Breach Resolution