Traditionally, those of us who attempt to prepare companies for potential crises have focused on three primary categories:
- Natural disasters, including floods, snow and ice storms, hurricanes, tornadoes and earthquakes
- Deliberate man-made violence, ranging from turbulent pickets and hijackings to shootings on industrial sites and campuses
- Mechanical failures, causing fires, explosions, building collapse, airline crashes or other threats
While these types of crises can be devastating to businesses, over the past several years the most impactful crises have centered on the loss or theft of digital data. Every aspect of our business operations and personal lives has become digitized, from the way we shop for and purchase goods to the way we interact with financial institutions and our doctors.
Data theft has significantly damaged the reputations of previously trusted brands—most visibly in recent months, Target—and its impact has been expensive. Last year the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, reported on the extent of data breaches around the globe. It found that, among nine major countries, the U.S. experienced the highest total average cost at more than $5.4 million. What the report termed “malicious or criminal attacks” resulted in the most costly incidents of data breaches in all nine countries.
The crisis that can result from a data breach, of course, is exposure of private consumer financial and personal information, making consumers vulnerable to losses of dollars and creditworthiness. As technology advances, the sources for such breaches multiply. For instance, with the emergence of driverless-car technology, California is already examining the types of regulations that will be needed to govern the use of autonomous vehicles. One of the most contentious issues the California DMV is facing is how to preserve the privacy of passengers. Covering a public hearing, the AP reported:
Much of the initial discussion focused on privacy concerns. California’s law requires autonomous vehicles to log records of operation so the data could be used to reconstruct an accident. But the cars “must not become another way to track us in our daily lives,” John Simpson of the nonprofit Consumer Watchdog said at the hearing.
Simpson called out Google, saying the Internet giant rebuffed attempts to add privacy guarantees when it pushed the 2012 legislation, which mandated rules on testing and public operation.
What other emerging technologies hold the potential for digital crises? Businesses accelerating toward digital products will need to consider privacy protection with such developments as:
- Streaming TV programs, not just Netflix but the broadcast and cable networks’ own video streams. Chances are that this programming, via laptop, tablet and mobile phone, ultimately will embrace interactive elements in which viewers are asked to enter personal information to enable a customized entertainment experience.
- Mobile point-of-sale systems that pull information from a database to display it on tablets carried by sales associates. What restrictions will be implemented on the type of data that associates can retrieve, and how will that information be shared?
- Technology enabling vehicles to communicate with each other. If information on vehicle speed and alignment on the road can be streamed to other cars on the road to prevent collisions, will it be streamed to police vehicles as well? Will such data become admissible evidence in court cases relating to speeding, driving under the influence or road rage?
Will the way that companies use personal information obtained from these and other new technologies result in negative consumer reactions that may escalate into a crisis for the brand? In the era of social sharing, the fine line between community and intrusion will become increasingly difficult to track, so individual businesses and developers have a responsibility to protect consumers from future breaches that could result in crises of confidence and reputation.