Your SlideShare is downloading. ×
0
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

IAPP - Trust is Terrible Thing to Waste

1,101

Published on

The pre-conference workshop entitled 'Trust is a Terrible Thing to Waste' from the 2010 International Association of Privacy Professionals conference in Washington, D.C. The session reviewed why trust …

The pre-conference workshop entitled 'Trust is a Terrible Thing to Waste' from the 2010 International Association of Privacy Professionals conference in Washington, D.C. The session reviewed why trust is important, how to handle crisis communications, and how to build trust before a crisis hits.

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,101
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • 5 MINS
  • 15 MINS
  • 15 MINS
  • Transcript

    • 1. Trust is a Terrible Thing to Waste
      How to Use Communications to Protect Reputation And Advance Privacy Objectives
    • 2. The Panel
      • Rosetta JonesHead of Issues ManagementVisa Inc.
      • 3. John BerardPrincipalCredible Context
      Joe CarberryPresident, Western RegionThe MS&L Group
      • Dave SteerDirector of MarketingCommon Sense Media
    • I. The state of trust
      John Berard, Credible Context
    • 4. A formula for success
      Security + Privacy + Performance = Trust
    • 5. What the data say
    • 6. We spend a lot on security
    • 7. Businesses are substantially increasing their expenditure on security software, despite the economic slowdown.
      Gartner (2008)
    • 8. Finding #3. Yet far fewer executives are
      actually “cutting security back”. And among
      the half or less that are taking action, most
      are taking the least dramatic response.
      Global State of Information Security Survey
      (PwC, CIO & CSO Magazines 2010)
    • 9. We talk a lot about the money we spend.
    • 10. Google “IT security spending” and you get 47 million results.
      Bing it and you get 36 million results
    • 11. We spend a lot on product performance.
    • 12. Federal research & development totaled
      $150 billion in 2007.
    • 13. $225 billion in annual corporate research & development spending in the U.S.
      Business Roundtable 2010 CEO Survey
    • 14. About 200,000 new products introduced globally each year.
    • 15. We talk a lot about the money we spend.
    • 16. Bing “new product research and development” and you get 2.2 million results
      Google it and you get 73 million results
    • 17. We spend a lot on privacy.
    • 18. Significant investment in privacy
      Technology
      Compliance monitoring
      Data collection & handling procedures
      Training
    • 19. We DON’T talk a lot about the money we spend.
    • 20. We allow our story to be told by failures.
    • 21. Since 2005, the Privacy Rights Clearinghouse says that 350 million individual records have been breached.
    • 22. In the last year, according to the Identity Theft Resource Center, 6.3 million records were affected in 218 breaches.
    • 23. The business effect of misuse
      It costs $6.6 million on average when an organization suffers a data breach, and more than $200 per compromised record, according to a survey conducted by the Ponemon Institute.
    • 24. Just as with security and performance, we can get a return on our privacy investment.
    • 25. The nature of online privacy
      Control, not anonymity
    • 26. Reflected in the percentages
      About half of us Google ourselves
      That’s twice what it was a few years ago
      But only about 3 in 100 do it regularly
      60 percent of us are not worried about the volume of online information about us
      More than half of us Google others
      • Pew Internet & American Life Project
    • Microsoft’s Boyd put it this way:
      “When they feel as though control has been taken away from then or when they lack the control they need to do the right thing, they scream privacy foul.”
      Witness: Facebook, Google
    • 27. Consumer’s view
      We care greatly about privacy
      We don’t do much about it
      Pew, too
    • 28. This is the opening for communications
      More than managing risk
      More than damage control
      Adding an accelerant to the formula for success
      Security + Privacy + Performance = Trust
    • 29. Public value of the investment
      Communications is the key to unlocking a market return on the investment already made.
    • 30. The first question to ask is:
      Who are you?
    • 31. II. When Trust is Broken
      Joe Carberry, The MS&L Group
    • 32. What we’re talking about
      How should I respond if/when data is misused or stolen?
      Current Public Environment
      Managing Through Crisis
      Case Study Exercise
    • 33. The Environment
    • 34. What we’re up against…
    • 35. The Risk
      • Electronic data widespread in every industry
      • 36. Hundreds of publicly reported breaches; many more not disclosed
      • 37. The number of breaches continues to increase year-over-year 
      • 38. Only 36% of C-suite confident they won’t suffer breach * 
      • 39. Cost of breach now $6.6 million *
      As more and more business is conducted and recorded via electronic means, risks related to data and privacy will increase. 
      *Ponemon Institute
    • 40. The Point?
      Data misuse/theft not question of “if” but “when”
      Crises often happen in full view, in real time – with significant impact
      More at risk in a data breach than just data
    • 41. Bottom Line
      “A promise must never be broken.”
      - Alexander Hamilton
    • 42. Managing a Breach of Trust
    • 43. What Makes a Crisis?
      Can be triggered by various kinds of events:
      Operational failures
      Malfeasance
      Human error
      Natural disasters
      Business set-backs
      Competitor or third-party attacks
      An issue becomes a “crisis” when the organization’s business prospects are threatened in the eyes of its stakeholders
      You do not define “crisis” – someone else does
      Crisis rule #1: somebody always find out. Always.
    • 44. A Crisis Subtracts Value
      Crises undermine stakeholder confidence in an organization:
      Short- and long-term growth potential
      Sustainable return on capital
      Quality (focus) of management
      Ability to manage risk to the business
      Source: Adapted from McKinsey
    • 45. Managing Risk
      Legal Risk
      Patchwork quilt of state and federal regulations
      Litigation exposure
      Protection: Sound legal counsel
      Operational Risk
      Validate and comply with industry standards (i.e., PCI DSS)
      Work with appropriate vendors, technology
      Protection: Ongoing diligence, best practices
      Reputational Risk
      Reputation impacts business (customers, employees, suppliers, investors, etc.) 
      Reputational risk often overlooked 
      Protection: Preparation, established crisis protocols
      *Ponemon Institute
      ** Harris Interactive Poll
    • 46. Who Cares?
      43
      Customers
      SalesChannel
      Investors
      Organization
      Supply Chain
      Policymakers
      Local Community
      Employees
      On which stakeholders do you rely for success? What do they think?
    • 47. What Can You Do?
      Be Prepared
      Success proportionate preparation 
      Activate crisis response at first sign of exposure
      Move Quickly  
      Early and honest communication
      Someone else shaping news robs you of control
      Take Action 
      Work to resolve underlying issue 
      People perceive data as “theirs”, not the company’s  -- demonstrate stewardship
      Individual should remain the “north star” 
      Be Responsible 
      Facing fear and suspicion – respond with transparency and responsibility
      Consumers will forgive mistakes, but failure to act responsibly.
    • 48. Keep in Mind
      Taking Responsibility
      is not the same as
      Taking the Blame
    • 49. The Message
      What stakeholders generally want to hear:
      You’ve stopped the bleeding Make sure the problem is no longer occurring.
      You’re making amendsTake steps to address the impact among affected parties (not the same as admitting guilt).
      It’ll never happen againTake steps to ensure similar issues don’t happen in the future.
    • 50. Crisis Protocol
    • 51. Stage 0: Preparation
      • Risk Assessment
      • 52. Early Warning System
      • 53. Crisis/Situation Protocol
      • 54. Monitoring (especially digital)
      Objective: Prepare for Action
    • 55. Stage 1: Crisis Breaks
      • Confirm viability of issue, pertinent details
      • 56. Assemble a Crisis Response Team
      • 57. Put in place tracking tools
      Objective: Assessment & Strategy
    • 58. Stage 2: Rapid Response
      • Establish “War Room”
      • 59. Identify impacted stakeholders and expectations
      • 60. Disseminate info to stakeholders quickly, frequently
      • 61. Correct inaccuracies quickly
      • 62. Manage digital impact – address contagion
      Objective: Take Control
    • 63. Stage 3: Ongoing Crisis
      • Story will evolve
      • 64. Plan for additional challenges
      • 65. New information
      • 66. Critics
      • 67. Catalog business remediation steps
      • 68. Countermeasures
      Objective: Focus on Solutions
    • 69. Stage 4: Post-Crisis
      • Understand impact on stakeholders
      • 70. Explore business changes related to situation
      • 71. Examine tactics to rebuild reputation
      • 72. Conduct debrief; identify areas for improvement
      Objective: Rebuild
    • 73. Case Study Exercise
    • 74. The Environment
      Trust of large corporations is low
      Security is pervasive issue in news media
      Lots of online chatter about data breaches
      Half of consumers cite privacy/security as a top concern
      Legislators eager to protect consumers
    • 75. The Situation
      XYZ.Com is a major online retailer
      The company has experienced a data breach
      Tens of millions of accounts; three years
      Payment information stored in violation of PCI standards
      Customers’ names, card numbers and expiry dates involved
      Forensic investigation underway; external auditors
      US Secret Service investigating
      Card companies are aware; spotting fraud patterns
    • 76. Financial Institutions
      Suppliers
      Customers
      XYZ
      Online Community
      Policymakers
      Stakeholders
      Employees
      Shareholders
      Law Enforcement
    • 77. Your Challenge
      Competing stakeholder needs
      US Secret Service requesting delay in public disclosure
      Financial institutions want all available information, ASAP
      Federal legislators have called for immediate disclosure of all breaches
      Polling data show consumers want disclosure, but less likely to do business with breached organization
      30 state statutes require immediate disclosure to impacted consumers
      High risk associated with disclosure
      Potential for brand damage with disclosure
      Litigation risk of disclosing
      Broad consumer disclosure drives customer services costs – at XYZ and associated parties (banks)
    • 78. The Wall Street Journal calls; they have the story...
      What do you do?
    • 79.
    • 80. Your Response
      Who is involved? Who is most impacted?
      Who should be at the table internally?
      What do you do first?
      Do you disclose publicly? When and how?
      What should you say?
      What business changes do you recommend to management?
      What can you do to restore trust?
    • 81. Remember…
      Misuse/theft of data creates risk
      Breach reduces trust
      Lower trust impacts brand/reputation
      Tarnished brand/reputation harms business
      Crisis response should be well planned, aligned 
      This is not about “spin”
    • 82. Rahm Emanuel…
      “You don’t ever want a crisis to go to waste.”
    • 83. QUESTIONS?
    • 84. BREAK
    • 85. III. Making Your Case
      Rosetta Jones, Visa Inc.
    • 86.
    • 87. What is Visa?
      What We Are
      What We Are Not
      Global payments technology company
      Transaction-processing network that connects cardholders, merchants and financial institutions
      Credit card issuer
      Lender
      Exposed to consumer credit risk
      Payments technology company that helps power the global economy.
    • 88. Statistical Overview
      Visa Inc. is the world’s largest retail electronic payments network, with more than $4.4 trillion transacted on our payment products over the four quarters ended Dec. 31, 2009.
      Total Volume*
      *
      Visa Cards
      1.8B
      16,100
      1.6M
      ATMs***
      Financial Institution Customers
      Visa Inc. Operates the world’s largest retail electronic payments network*
      $2.8T
      $4.4T
      Payments Volume
      Total Transactions****
      Statistical data in U.S. dollars; ATMs, financial institutions and cards based on four quarters ended Sept. 30, 2009.
      Excludes Visa Europe, unless otherwise noted
      *Based on payments volume, total volume, number of transactions and number of cards in circulation. Figures are rounded.
      ** Includes payments and cash transactions.
      *** As reported by client financial institutions and therefore may be subject to change; includes merchant outlets and ATMs in the Visa Europe territory.
      **** Includes payments and cash transactions.
      62B
      Visa Confidential
    • 89. Payment Security = Data Privacy
      Cash Perceived Safest at POS
      Privacy/no personal information cited as leading reason
      Even those very comfortable with emerging technology only give mobile phones a score of 4.2.
      I’m going to read you some ways you can pay for things at a store and please tell me how safe you think each form of payment is on a scale from 1 to 10 where 1 is not at all safe and 10 is very safe…
      69
    • 90. Integrating Security….
      Print advertising
    • 91. Integrating Security….
      Brand advertising
    • 92. Integrating Security….
      Client Marketing
    • 93. Integrating Security….
      Corporate Social Responsibility
    • 94. Debit Breach Response
      Visa debit is fastest growing product
      An integrated response program that included advertising, PR, pre and post campaign tracking, and data analysis
      “Security breaks could curtail debit card use….”
      March 13, 2006
    • 95. Security is Visa Asset
      By a large margin more cardholders view Visa as a part of the solution on the issue of fraud than believe it is part of the problem.
      Visa Job Approval
      Total Approve Total Disapprove Strongly Approve Net Approve
      Thinking specifically about Visa, from the same list of issues please tell me whether you approve or disapprove of the job Visa is doing to handle that issue…
      Highlighted Data Slides
      75
    • 96. Top 109 List
      1
      Listen. Ask questions of key internal influencers about fears, opportunities, internal product development.
      Get smart. Know who’s saying what about you outside the company and the vulnerabilities inside the company.
      Start with the bottom-line; demonstrate growth opportunity or barrier to growth that can/should be addressed.
      Use reason, not passion. Only the emotion will be heard.
      Be the voice of the customer.
      Make it objective -- DATA, DATA, DATA.
      Bring the company along.
      Use the experience of the dead bodies that have forged the privacy path before you.
      All else fails, fear works
      2
      3
      4
      5
      6
      7
      8
      9
    • 97. IV. BUILDING TRUST
      Dave Steer, Common Sense Media
    • 98. What we’re talking about
      How do I market trust and privacy?
      Why privacy is important to marketers
      What you can do to make trust and privacy a differentiator
    • 99. Why is trust so important?
    • 100. First, a question…
      WHAT ARE THEY DOING TO BE
      MOST TRUSTED IN PRIVACY?
      Source: TRUSTe/Ponemon 2009
    • 101. Sometimes there is tension between marketing and privacy people
      “I just want to be able to better target our message to the right consumer”
      “This will make for a better customer experience since they’ll only see what’s important to them”
      “Telling them about our policies is a distraction. It should be about our product benefits.”
    • 102. But trust is vital for marketers.
      Trust = Brand Advantage
      Privacy creates an opportunity for a trusted relationship with consumers which enables companies to differentiate their brands
    • 103. “The Great Trust Offensive”
      “…trust is the number one driver of any brand at the most fundamental level.
      We buy what we trust and keep buying; familiarity and trust are big, big drivers of loyalty and brand value.”
      Andy Bates, CEO, Interbrand
    • 104. But with privacy, it’s complicated
    • 105. Which is why most companies play defense
      “I can’t help noticing that more and more technology companies are exposing people’s information publicly and then backpedaling a few weeks out.”
      danahboyd, Harvard Berkman Center
    • 106. Building trust
    • 107. Brands focus on building credibility
      The Credibility Lifecycle
      Source: Stanford, B.J. Fogg, 2002
    • 108. A ‘trust lens’ of messaging & programs
      Reassurance: Show the protections that are in place, the company, what others say, etc.
      Education: Enable people to protect themselves, show what you are doing
      Support: ‘Being there’ when something goes wrong.
      Source: Stanford, B.J. Fogg, 2002
    • 109. So, how can you build trust?
    • 110. 1. LISTEN TO your customers and embrace two-way communication
      The proposed Facebook privacy policy received thousands of comments
    • 111. 2. Have a clear, compelling message
      Start by answering these questions…
      Who is the target audience?
      What is your single key message?
      What is the benefit of your privacy program?
      Why should they care?
      What are the barriers to them understanding your message
      The toughest part is balancing simplicity with
      transparency
    • 112. 3. BUILD privacy messaging into the EXPERIENCE
      A typical customer experience
      What privacy questions will they ask?
      When will they ask?
      How can you reassure, support, and educate?
    • 113. 4. Educate, educate, educate
      About safe, responsible BEHAVIOR
      About safe uses of your PRODUCT
    • 114. 4. Safe, responsible behaviors…
    • 115. 4. PRODUCT safety
    • 116. 5. Tell people what you’re doing to protect them
    • 117. Summing it up
      Listen to your customers – and embrace 2-way communication
      Develop a clear, compelling message
      Build privacy messaging and support into the brand experience
      Educate, educate, educate
      Tell them how you are protecting them
    • 118. Remember
      Trust = Brand Advantage
      Privacy creates an opportunity for a trusted relationship with consumers which enables companies to differentiate their brands
    • 119. V. Putting it all together
      John Berard, Credible Context
    • 120. Bringing it all together
      Security + Privacy + Performance = Trust
      Trust = Brand Advantage
    • 121. Thank You.
    • 122. The Panel
      • Rosetta JonesHead of Issues ManagementVisa Inc.704.444.3815rjones@visa.com
      • 123. John BerardPrincipleCredible Context415.845.4388john@crediblecontext.com
      Joe CarberryPresidentWestern U.S. Region415.293.2805joe.carberry@mslworldwide.com
      • Dave SteerDirector of MarketingCommon Sense Media415.845.5110dsteer@commonsensemedia.orgwww.steermarketing.netwww.twitter.com/steerdave

    ×