The Business Apology Letter
What makes a business apology letter effective?
The Perfect Apology Team was recently asked by Jon Brodkin, a reporter
at Network World, to comment on the effectiveness of ten apologies
issued by the CEOs of several major financial, retail and academic
institutions. In each case, the business apology letter was sent to
customers and clients after the company discovered serious data breaches
in their respective information security systems.
In our response to the request we began by explaining that very few
business apologies ever meet the 'perfection' standard, while some
less-than-perfect apologies work out just fine (as some of these
probably did). We also noted the fine line between a perfect business
apology letter and groveling—JetBlue's apology (they've
issued many), which we discuss here
is a great example of a CEO getting very close to the perfection mark
without going over the line.
We cited Neeleman's February 2007 JetBlue apology because, while it
isn't a case of an information (IT) security breach, it does provide an
excellent set of benchmarks for identifying strong, credible and
effective business apologies that meet most of the ingredients we emphasize
throughout this site. The initial data provided by Jon Brodkin came from
the Privacy Rights Clearinghouse, news accounts, and the websites of the
companies in question.
With these qualifiers in mind, we set out to evaluate the ten business apologies
by determining which of the letters issued by these CEOs were the most
and least effective. We also highlighted the most common threads and
mistakes that companies typically make when writing a business apology
letter.
Method:
Rather than provide a general assessment of these business apologies
based on some idealized standard we decided instead to evaluate each
business apology letter in relation to the others. Although some of the
errors/mistakes made by these companies were more serious than others it
was still possible to evaluate all of them on the same 1-10 scale.
Common Threads:
With the exception of a press release issued by ChoicePoint, none of the
ten business apologies were very good. Many of the CEOs made the same standard
mistake—they passed-the-buck by assigning most of the responsibility
to other forces or players, and emphasized 'regret' rather than
expressing a sincere and credible apology for their company's failure to
meet their customers' reasonable security needs and expectations.
None
of the business apologies acknowledged any real responsibility for the loss of
security, and none (except for one) offered ANY reasonable compensation.
While compensation options may not be terribly obvious for many of the
companies, an offer to at least consider some form of restitution is
always available and should be a key ingredient of any standard business
apology letter. Also, very few of these business apologies explained in any
detail what the company was prepared to do to prevent a re-occurrence.
Finally, the most serious yet common impediment to an effective business
apology letter (illustrated through these ten examples) is the often
exaggerated concern CEOs (and their lawyers) have about litigation. This
may explain the uniformly very low scores.
Results:
The maximum score that we gave was 7/10 and the minimum was a -3. Yes, that
is a negative three—the recipient is Boeing President and CEO Jim McNerney for an apology email he sent to his employees after a laptop
containing sensitive and personal data of current and former employees
was stolen.
There is much to learn from seeing how 10 different organizations handle
a similar issue. As you will see from our reviews, these CEOs were
either ill-prepared, received poor advice, or just didn't care.
Read our
reviews and excerpts of each business apology letter at Network World
as well as Brodkin's
full article on recent
security breaches
and the not-so-effective apologies that followed.
Or, learn what questions we all need to ask before issuing a public apology.
Or, return to Apology Research.
|
