Prompt notification eases pain of data breaches, consumers say

Consumers may be willing to forgive an organization that’s suffered a data breach if they get timely notifications about the incursion.

A recent survey by Experian, a consumer credit reporting company, found that 93 percent of respondents expected to hear from a bank within three days of a data breach occurring, with the vast majority, 83 percent, saying they expected to hear from a financial institution within 24 hours.

When asked how they would respond to slow or ineffective communication after a data breach, 66 percent said they would stop doing business with the organization, and 45 percent said they would tell their friends and family to do the same.

Some 90 percent of the survey respondents said they would be at least somewhat more forgiving of an organization if they knew it had a prior plan in place for communicating after a data breach.

Experian hired the consulting firm KRC Research to conduct the survey. It was fielded online in July this year, with slightly more than 1,000 U.S. adults responding.

Capital One recently suffered a data breach that compromised the data of roughly 100 million people — including as many as 140,000 consumers’ Social Security numbers and 80,000 linked bank accounts. In 2017, the credit bureau Equifax was hit with a data breach that exposed around 147 consumers’ personal information. Target, Home Depot, TJ Maxx and other retailers have also suffered high-profile data breaches in recent years.

In the healthcare sector, millions of patient records have been exposed in 2019. One of the biggest exposures of information involved American Medical Collection Agency, a billing and collections firm that was a business associate of Quest Diagnostics and Labcorp.

Experian’s findings, issued this week, also suggest that financial services companies may take a greater blow to their reputation if they bungle the response to a major data breach. Survey respondents consistently held financial services companies to a higher standard than they did healthcare organizations, government agencies or retailers.

Three-quarters of respondents said they expected a government agency to notify them within 24 hours of a breach; 73 percent expected the same response time for healthcare organizations; and only 61 percent held retailers to that standard — all lower than the 83 percent who expected banks to respond within a day.
