Ask Josh Harris: How to Deal With a Privacy Snafu

Dear Josh – I run a really successful daily deals site, imagine a Groupon for the aging hipster set. Problem is, a bug in our latest feature release exposed a bunch of user’s emails and personal shopping history to everyone. Now we’re getting chewed up on the blogs for the privacy breach! What should I do?

What’s old is new again. Remember when hipsters were called hippies? Remember “Blue Chip Stamps.” Ahh… the summer of 1967…

Your primary problem is not blog mastication (check that up in your Funk & Wagnalls). You have a systems integrity problem and your company is now paying for cut corners in the development process. This is a classic instance of why releases by the big girls (e.g. Oracle, Google and Microsoft) take more time and money to produce. They have the resources to fully document the code, alpha test, beta test and retest before they release. So now that you too are becoming a big girl and need to design and implement back-end procedures that minimize future security breaches.

As for the media relations management I defer to experts Brew Media Relations and the Morris+King Company to weigh in:

Andy Morris: This happens so much that it’s almost formulaic. Even the biggies have survived this kind of thing and I can think of at least one Internet geek God who made it through a pretty serious privacy compromise by taking this approach and not ducking any punch. In the same vein as don’t duck or blink, one should preemptively disclose the security lapse. Too often, companies are paralyzed by indecision about whether or not and what to disclose. Inevitably word gets out—in our age of instantaneous communication—so better to be ahead of it. Inevitably, you will get chewed up in the blogs if people sense that you’re not forthcoming, you’re trying to obfuscate facts or your name is Nick Denton and you’re attached to something like this.

Brooke Hammerling: It doesn’t matter if you’re a startup or a big corporation, the apology has to have a human face. A mass email apologizing to, “Dear customer” is just going to make people feel more violated at this moment. Get your team in a room, order some pizza and lock the doors until you figure out how to get the right message across. Don’t get defensive, acknowledge the mistake and how seriously you’re taking it. Oh, and if it’s a consumer business, you better offer offer something more than apology: free samples, discounts or VIP upgrade.

Josh Harris is the founder of JupiterResearch and and the ceo of The Wired City, a web tv network in New York. Andy Morris is a founding partner at The Morris+King Company. Brooke Hammerling is a founder at Brew Media Relations.

Need some advice? Email Josh at askjoshharris at gmail dot com.

Ask Josh Harris: How to Deal With a Privacy Snafu