500 million is just a number. It is so big that it is impossible to take in. It could be described as one person for every mile to the Moon but it would not explain the sheer quantity of victims. We might just as well say it’s a really big number.
The news was widely reported. The image of their HQ is so universal that most of us know that they are at 701 First Avenue. I’ve had a number of calls from friends asking me what they should do. The Yahoo! name has become well known again but for the wrong reasons.
Our problem is that email marketing might be condemned by association. Anyone would think that if Yahoo! can’t keep their data safe, with all their money and sophistication, what about a small company whose email marketing list has just a thousand or two subscribers.
To an extent, of course, they are correct. If such a big company struggles, what chance does de we stand? It is a fact of life that if, as reported, a massive foreign country with vast resources wants your data, they can get it. The only question is whether they will bother.
They won’t go for us of course. It is not much of a reassurance to be told that all that is protecting your data is that no one can be bothered to pluck it. So what should your response be?
The temptation is to ignore it in the hope that it will go away. It has nothing to do with email marketing specifically. It appears to be a security breach in a company that should have had adequate systems in place project planning and management. But you will not want to appear complacent.
Subscribers to your email marketing list did not sign up for random communications about security so, tempting though is it, you should not send a reassuring message detailing your security systems. Some will not want to know and you run the risk of making others fear for their information.
You could mention that you take security of their data seriously, but without mentioning Yahoo! Perhaps, in your next email marketing campaign you could add a box to the effect that you exceed the minimum requirements of the legislation on data security. Say that anyone wanting more information should click through where your systems will be explained.
On the landing page, describe broadly what your systems are, how you keep data secure on separate sub systems. Explain the function of your data controller and their responsibilities, and include the rights of those whose data you own.
The response to the box will show if security of their data is something your subscribers are concerned about. If they are, continue to emphasise your commitment on your website home page and maybe have a little tag line that follows your header.
There is the option of giving into your anger and criticising Yahoo! not only for allowing the personal information of 500 million people to be compromised but also for not mentioning it for two years. Moaning can be therapeutic and it will probably reassure your subscribers.