Perspectives Newsletter


Let Us Help You

Have you had a data breach?

If you have any questions about our resources or any topics related to Experian Data Breach Resolution, please contact us at or call 1 866 751 1323.

How to Fix 5 Prevalent Notification Letter Problems

Data breach notification letters may seem fairly cut and dry: Tell people their data was lost or stolen to satisfy your legal requirements. And that’s that, right? Wrong. In a recent survey, 72% of consumers who could recall receiving a notification letter express dissatisfaction with it. And that translates to dissatisfaction with the company that sent it.

The Ponemon Institute’s 2012 Consumer Study on Data Breach Notification is one of the first to focus on notifications from a consumer perspective. Sponsored by Experian® Data Breach Resolution, the study pinpoints several pitfalls of breach notification to avoid. Here are five:

1. Providing too few details.
The Problem: Sixty-seven percent of respondents do not receive enough specifics about the breach. Forty-four percent don’t even know what exact pieces of their data were lost or stolen. That leaves them at a loss on how to protect themselves from further harm.
The Fix: Be more transparent in your notification letters so consumers can truly assess their risk. Remember, if you leave them guessing they might jump to conclusions that are far, far worse than the reality of the breach.

2. Communicating in legalese.
The Problem: Sixty-one percent of notification recipients have trouble understanding the letters. Even after reading a notification, 37% have no idea what the breach is about. In a similar Ponemon study conducted in 2005, 28% of respondents felt same way, suggesting notification letters have gotten worse, not better.
The Fix: Be sure your notification letters sound like they were written by a person, not a legal team. Keep them short, provide the facts and use simple language.

3. Failing to disclose risks.
The Problem: Consumers don’t feel that notifications explain the risk or harm they are most likely to experience as a result of the breach. This is one of the biggest improvements that they would like to see in notification letters.
The Fix: Take into account the type of data that was lost – consumers already want this included in notifications. Then explain the risks associated with that type of data loss. This helps affected individuals feel empowered and educated rather than helpless and anxious.

4. Forgetting the peace offering.
The Problem: Consumers feel they are entitled to some form of compensation when their data is lost or stolen. Companies that don’t provide any aren’t doing their reputations any favors.
The Fix: Provide affected individuals with a membership in an identity protection product to assure them that you’re concerned about their security. Fifty-eight percent consider identity protection to be favorable compensation after a breach.

5. Missing an opportunity to rebuild trust.
The Problem: Consumers react to notification letters differently, but 15% say they will terminate their relationship with the breached company and 39% will consider breaking ties.
The Fix: Use the notification letter to rebuild trust with affected individuals. Outline the steps, such as building a more secure network or training employees, you are taking to protect them from further harm. Otherwise they may make an uninformed decision about whether to continue conducting business with you.




  • © 2018 Experian Information Solutions, Inc. All rights reserved.