(Updated: December 2020)

2020 has been chaotic, to say the least, and it’s not over yet, especially when it comes to data breaches! News of the SolarWinds data breach this week has cyber-security experts and Fortune 500 brands alike on high alert. This breach alone is thought to have impacted an estimated 18,000 companies.

Sure, data breaches dropped 33% in the first half of the year. That’s great if you weren’t impacted by one of the >500 reported breaches that did occur. The list is extensive, includes well-known names like Marriott and Nintendo, and affected 163.5 million people. That means 163.5 million data breach notification emails had to go out – and that’s where many companies end up doing even more damage.

How Recovery Efforts Go Wrong

When you send out a mass email without checking first for toxic email addresses, you can damage your sender reputation and get locked out of the inbox. Doing your list hygiene due diligence before sending is one of five steps to make sure your “abundance of caution” emails get delivered and opened.

5 Steps For Sending Data-Breach Notification Emails

Forewarned is forearmed: Don’t skip any of these steps to save time. One shortcut could undo all the work you did to protect your deliverability.

Why? Because even the best brands can get into trouble with email data that has gone bad over time. It doesn’t matter if the vast majority of your data is pristine. A few toxic email addresses are enough to cause major problems. Failing to identify and weed them out can get your company’s sending IPs blocked and blacklisted. This is the worst-case scenario when you’re trying to send an urgent communication to maintain trust.

Data Breach Notification Step 1: Check your lists

Most U.S. state and federal data security laws give you between 30 and 60 days to notify people affected by the breach.

  • Canada’s PIPEDA (Personal Information Privacy and Electronic Documents Act) doesn’t specify a data breach notification window.
  • The EU’s General Data Protection Regulation requires organizations to report a breach to a supervisory authority within 72 hours but says notifications to people affected by the breach should be made “without undue delay.”

But even laws with a limited notification window give you enough time to conduct a deep cleanup of your database. This requires more than just flagging hard-bouncing email addresses. It’s imperative that you’re able to detect and remove deliverable but problematic or low-value emails like these:

  • Spamtraps
  • Role accounts like “help@XYZ.com” or “support@XYZ.com”
  • One-time-use (disposable) addresses
  • Long-term inactives (no opens or clicks in more than a year)
  • Addresses on the ANA’s “Do Not Email” list
  • Frequent spam complainers

Use FreshAddress’ Free List Check for a fast, high-level diagnostic check to find out how much of your list includes dead and dangerous addresses BEFORE you send any data breach notifications. It scans your list for problems including invalid, fake, disposable and spamtrap addresses and frequent spam complainers.

It’s free (really, no hidden costs, no credit card required), and you get your report in minutes, with information like this:

(Check the full report here)

If your scan uncovers issues, this will help you make the case for full validation with full results. Free List Check doesn’t flag individual addresses as valid, invalid or problematic. For that, you need to set up a secure client portal account with paid full access capabilities.

Data Breach Notification Step 2: Correct Problems

Use a paid service like FreshAddress’ three-step SafeToSend. Our solution checks for problems, corrects malformed or mistyped addresses and flags addresses that need more attention. You’ll receive a report that shows exactly which addresses are:

  • Valid,
  • Invalid, or
  • Deliverable but problematic.

Depending on your list size, you’ll get your results in one to seven business days (or less). That’s doable under even the tightest notification timeline in the U.S., but don’t wait until the last minute to start.

If you want to see this process in action, read a case study that explains how a client in the health and fitness industry successfully emailed millions of customers about a data breach after cleaning a list that had more than 100 million addresses. Besides helping to mitigate reputational damage and keep customers informed, the company also saved several million dollars in postage by using email instead of direct mail.

Data Breach Notification Step 3: Send Notifications In Waves

Now that you’ve got your freshly cleaned list, don’t send a blanket email out all at once. Segment your list from least risky (your 100% guaranteed deliverable addresses) to most risky, and roll out your notification campaign over several days.

Data Breach Notification Step 4: Track And Act

Check your deliverability reports regularly, and suppress any addresses that hard bounce even after cleaning or which generate spam complaints. Segment your inactive file.
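The Step 1 checks that can run on your own data, the Step 3 wave ordering and the Step 4 suppression feedback fit together as in the following added example (not FreshAddress code). The role-account and disposable-domain lists, the 90-day middle tier, the wave size, the sample records and the choice to hold rather than delete flagged addresses are all assumptions; spamtraps, “Do Not Email” entries and frequent complainers need external data and are not covered.

```python
from datetime import date, timedelta

# Reference data is constructed for illustration, not taken from any vendor.
ROLE_LOCALPARTS = {"help", "support", "info", "admin", "sales", "postmaster"}
DISPOSABLE_DOMAINS = {"mailinator.example", "tempmail.example"}
INACTIVE = timedelta(days=365)  # the page's "more than a year" threshold
LAPSED = timedelta(days=90)     # assumed middle tier, not from the page

def triage(email, last_engaged, today, suppressed):
    """Return ('hold', reason) or (risk_tier, reason); tier 0 is least risky."""
    addr = email.strip().lower()
    local, _, domain = addr.rpartition("@")
    if not local or "@" in local or "." not in domain or " " in addr:
        return ("hold", "malformed")
    if addr in suppressed:
        return ("hold", "prior hard bounce or complaint")
    if domain in DISPOSABLE_DOMAINS:
        return ("hold", "disposable")
    if local in ROLE_LOCALPARTS:
        return (2, "role account")
    if last_engaged is None or today - last_engaged > INACTIVE:
        return (2, "long-term inactive")
    return (1, "lapsed") if today - last_engaged > LAPSED else (0, "recently engaged")

def plan_waves(records, today, suppressed, per_day):
    """Order sendable addresses least risky first and split into daily waves."""
    held, sendable = [], []
    for email, last in records:
        action, reason = triage(email, last, today, suppressed)
        if action == "hold":
            held.append((email, reason))
        else:
            sendable.append((action, email.strip().lower()))
    sendable.sort()  # by tier, then address, so reruns give the same order
    waves = [[e for _, e in sendable[i:i + per_day]]
             for i in range(0, len(sendable), per_day)]
    return waves, held

# Constructed sample list; the date is fixed so the result is reproducible.
TODAY = date(2020, 12, 15)
SAMPLE = [("alice@customer.example", date(2020, 12, 1)), ("support@xyz.example", date(2020, 11, 20)),
          ("bob@customer.example", date(2019, 6, 1)), ("carol@customer.example", date(2020, 7, 4)),
          ("x9@mailinator.example", date(2020, 12, 10)), ("dave@@customer", None),
          ("erin@customer.example", date(2020, 12, 5))]
SUPPRESSED = {"erin@customer.example"}  # fed back from Step 4 bounce/complaint reports

if __name__ == "__main__":
    waves, held = plan_waves(SAMPLE, TODAY, SUPPRESSED, per_day=2)
    print("waves:", waves, "\nheld:", held)
```

Re-running `plan_waves` with an updated suppression set after each wave keeps newly bounced or complaining addresses out of the remaining sends.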

Data Breach Notification Step 5: Add Real-Time Verification

Blocking bad addresses from your email database is your first step in keeping your lists as fresh and clean as possible. Real-time verification at opt-in can flag malformed addresses, typos, role accounts, previously suppressed addresses, fake and disposable addresses and prompt users to correct them right away.

Set up a real-time API or auto-batch process to keep newly acquired email addresses clean and safe to send and to improve your overall email results.

Wrapping Up

Hearing from trusted brands is more important than ever these days. I hope you are NOT dealing with data hacking and data breach notifications. If you must, our goal is to ensure your urgent communications:

  • Receive positive engagement, and
  • Reduce risk to your sender reputation.

Running email validation, correction and spamtrap identification before data breach or any major notifications protects your brand and avoids making things worse. A lot is riding on your data breach notification emails. This includes:

  • Complying with data security laws,
  • Keeping customers informed,
  • Rebuilding trust, and
  • Mitigating damage to your brand and sender reputation.

That’s why you have to be sure that your emails will get delivered successfully and not end up in spam folders or blocked from the inbox because of bad sending practices. Once you get past the heavy lifting of list hygiene and sending out notifications, take some time to get out ahead of future problems.

Have questions about email deliverability codes and best practices? We’re happy to assist in any way possible and would love to show you how FreshAddress can set you up for success! Feel free to contact me at KRogers@FreshAddress.com. 
