How many notices did you receive about the Epsilon email breach that was discovered on March 30? How did the news of that make you feel toward a compromised company you do business with? Even though only email addresses were stolen, did you wonder whether you needed to worry about more than just watching for potential targeted spam or more sophisticated phishing attempts? Was your confidence in the companies affected?
If notices you received were like those in my inbox, they were contrite, clear, and factual about the breach. They likely also cautioned to be careful of emails that requested sensitive information or otherwise would violate the company privacy and security policies. In general, they conveyed concern and the intention to correct the problem, the appropriate response by responsible companies. I couldn’t help wondering why other customers of Epsilon that I also do business with may not have contacted me. Was their customer data not compromised or do they not care?
Now, how did you feel toward Epsilon? The eWeek article “Epsilon Data Breach Highlights Cloud-Computing Security Concerns” points out that the trust loss is incurred by the companies that use Epsilon, not Epsilon itself. The relationship between a company and its customers is likely to be adversely affected. Affected companies will have to do much more than just watch their inboxes more carefully to recover from this breach.
Epsilon and its customers will work hard to prevent this type of breach from happening again and to better protect data. The loss of good will and trust resulting from the breach, however, is a more difficult and longer-term issue. The eWeek article notes that this security breach will raise concerns about businesses operating in the cloud. Increased consumer distrust of the technologies that companies use diminishes the total user experience of a service and increases distrust of companies themselves. Such good will losses may not be explicitly covered by the standard contractual obligations or service-level agreements. How can companies and their customers regain trust and then plan to build trust in the future?
Consider a UX SLA.
By including user experience as a metric for successful service delivery, a service company would be accepting a shared responsibility for the relationship between customers of the service company and their customers. While not as familiar as metrics such as Mean Time Between Failure (MTBF) for systems and Average Speed to Answer (ASA) for customer support, user experience qualities that can be measured include greater customer satisfaction, trust, and the success of the overall user experience over the length of the service agreement.
The SLA@SOI project is researching what should constitute an SLA. Still a work in progress, the emerging framework could be extended to include a fundamental business concept such as user experience and satisfaction within the Business Management area and could establish user experience metrics as part of the Business Requirements and Assessment work. Other agreement models such as WSLA (Web Service Level Agreements) and WS-Agreements (Web Services Agreement Specification) could also be extended to include user experience as a metric for successful delivery.
If service providers explicitly define their commitment to the success of the end customer relationship in addition to the addressing technology performance concerns, they can increase the trust of both their customers and consumers. A UX SLA can make them a true partner in delivering a successful user experience for their customers.