Some brands I trust, some brands I don’t. But what can we do when the brands who breach our trust are ones we’ve never heard of? I’m talking to you, Epsilon. It’s lost a number of brands’ customer details, including M&S.
Recently Dan Moore tried to explain why it’s not OK for companies to respond to a data breach by saying ‘oops’ – we need a lot more reassurance than that. But since then there’s been another huge data breach, and we’re still getting the same watered-down message.
People, such as our Twitter followers Lombear and SoElusive, have started receiving emails from Marks & Spencer, apologising for a breach at the company that handles some of their customer data. The company? Epsilon. Epsilon was targeted by hackers, who collected millions of names and email addresses from their clients.
Make the companies pay?
Last time we talked about this, a few people suggested that the best way to solve the problem was to financially punish the companies involved.
Louise told us that ‘as long as the cost of proper data control is high, but the cost of losing the data is low then companies will continue to adopt a “make do and mend” approach to data control.’ Dieseltaylor even suggested that ‘everyone who has their email addresses stolen by a hacking attack needs to be reimbursed say £10-25.’
Not everyone was so worried – Rarrar thinks that having your email data stolen is ‘probably a fact of life’ if you want to use some of the internet services on offer.
But my favourite comment came from Kenward, who has set up an email-forwarding system that lets him give a unique address to each company. This means he can identify where each spammer got his details from – clever, no?
Don’t talk to strangers
The thing that really bothers me in this case is that most of us hadn’t heard of Epsilon until they started losing data left, right and centre.
It’s not just M&S. Many US companies, such as Capital One, Best Buy and Citibank, have been affected too. All of these are big household names, each asking customers to put their trust in a network of potentially unreliable suppliers.
We put our faith in these large brands, giving them our names, email addresses, and credit card details, only because they’ve spent years building up that trust. In the case of M&S, it’s a family name and an ethical brand to whom I don’t mind handing over my details.
But I’ve never heard of Epsilon – I don’t know if they are good or bad at handling data. So when they breach my trust, I need exactly the same reassurances that they are presumably giving to their clients. Epsilon will no doubt be grovelling to M&S right now, explaining what happened and why it won’t happen again – so why can’t I, the customer, have the same?
And while they’re at it, I wouldn’t mind if they followed Louise and Dieseltaylor’s suggestions too and threw in a bit of compensation.