Tough situation here.
The Guelph Storm are a junior hockey team based in the midwestern Ontario, Canada community of Guelph. For those who are unfamiliar with the various levels of hockey, think of it as a double A baseball team. They attract several thousand fans per game.
They are easily the most popular team in this city of 100,000 people. As a result, their season-ticket’s list reads like the Who’s Who of the Guelph business community.
So I imagine some of those businessmen are going to be awfully upset when they find out that their email address is now public information to every fellow season-ticket holder.
The Storm were promoting a charitable luncheon, and did so via email. Unfortunately, in a classic mistake that happens to the just about anyone (Hillary Clinton’s campaign made the same mistake), the Storm did the unthinkable and publicly listed everyone’s address in the “To” field. As a result, anyone who received the email can easily see every address.
This is NOT a good way to endear yourself to your most important customers – season’s ticket holders.
So how should they fix it? To send out another email will run the risk of flagging that very weakness to those who hadn’t noticed it the first time. In effect, it’s like saying “I’m sorry I have this security flaw in my website. Please don’t take advantage of it.”
I suspect it may be a moot point. It’s only going to take one upset person to tip off the local newspaper before the Guelph Storm Management are going to be dealing with a very public black eye – in which case, nothing more than an abject apology is going to suffice. In the meantime, it’s time to think preemptively.
Perhaps a snail mailed apology, along with a voucher to bring a guest to a future Storm game for free? Or perhaps a coupon for something as simple as a free hot-dog or snack? Anyone who hadn’t noticed the original mistake may be happy to receive a freebie, while those who are upset are somewhat mollified.
What do YOU think?
September 23, 2009
You think that’s bad … check out http://www.pcpro.co.uk/news/security/351814/demon-ebill-blunder-exposes-thousands-of-passwords . “Demon ebill blunder exposes thousands of passwords”
If I was a Guelph Storm season ticket holder, I don’t think a free hotdog would mollify me at all. I’d want to have some assurances that:
- The person responsible has been sacked (sorry, Monty Python reference).
- There is some new corporation-wide understanding of WHY this is a bad thing.
- There are some procedures being put in place in order to prevent this happening again.
Then I’d want an apology. It might even mean something to me if I felt like the issues above had been addressed.
Probably emailing everybody on the list again, and doing it properly, with an apology would be the right thing to do.
- Andrew.