The Clip Report

The following essay is also my column in next week’s AdAge

In the era of cloud computing, any breech in privacy or security - even a minor one - is the fastest way to erode brand equity and consumer trust. Botching the communications around these events or, worse, not being proactive ahead of time to think the unthinkable, could clinch that your brand may never be able to stage a comeback.

Sound ominous? It is. Yet few companies outside the tech world have strategies to think through how potential privacy and security issues could impact their brand equity as more data migrates to the cloud.

Here are three maxims every company should keep top of mind. These best practices come out of the technology industry which, according to our data, has long been the most trusted.

Show Skin

At a basic level, Dropbox and Evernote are similar companies. Both store personal information in their cloud and seamlessly sync it across a myriad of devices. Both have millions of loyal users, many of whom pay. However, that’s where the similarities end.

Evernote has been exemplary in not only disclosing how it stores user data but also in showing even novices how to encrypt it. They go even further. Their executive management, especially their CEO Phil Libin, and marketing and support teams are all individually visible online in social media and offline at events. They are very approachable and accessible. This human touch helps them earn trust over time and could insulate them.

Dropbox, by contrast, is more opaque. Their blog and Twitter accounts are updated infrequently and even their most loyal users probably couldn’t name their CEO. Had they been more proactive in communicating in a human voice over the years, they perhaps might have been able to more easily manage a major security glitch last week that left millions of personal files unlocked for four hours.

Be Simple

Almost every company today has either a privacy and security policy and/or a terms of use page posted on their web site. Unfortunately, these are written by lawyers and are complex. Therefore, most consumers don’t read them and don’t have any idea just what data they are entrusting in exchange for services.

Google has taken a different approach. Last year they rewrote their privacy policy in plain English to make it more digestible. In addition, Google operates one service that lets consumers see what they know about them and another that allows them to easily export or delete it.

Amazon.com, as Forrester Research has pointed out in the past, also uses plain language to explain what information is shared with Facebook for those who choose to link their accounts. This communique goes beyond what Facebook already shares once an authorization is requested.

The lesson: over communicate on privacy, but do so in a simple, human tone.

Think 360

Data flows today like electric power over copper wires. This means that one incident somewhere on the grid can bring down others fast. Few companies, even in technology I would argue, have taken the time to fully think through not just their own vulnerabilities but the risks that could ensnare them from deep within their byzantine maze of partners.

The Epsilon and Gawker Media incidents earlier this year are good examples of how a privacy or security gaffe beyond your own control can make your customers, and thus your brand, vulnerable.

In both cases, thousands of email addresses, and in Gawker’s case passwords, were released into the wild. Given that many consumers use the same address and password across different sites, these events left high value targets, like banks, vulnerable to email harvesters and hackers. Some, like LinkedIn (an Edelman client) chose to be proactive and reset logins - just to be safe.

In developing a plan, look for the weakest link in your data trail and have a robust plan for thinking just how a breech outside your control might impact your brand. Have a plan for dealing with the questions that will come in not just from the media, but from consumers directly via your Facebook and Twitter embassies. Also consider preparing for these vulnerabilities ahead of time by hosting joint “war games” with key partners.