I got an interesting call last week. The vice president in charge of public relations from Circles gave me a call. Circles is the company that provides concierge services for American Express.
A number of their current and former employees have commented here at Productivity501 and one revealed what Circles considered to be proprietary confidential password from their client, American Express. The VP of PR asked that I remove the password.
Me: I vaguely remember a comment that had some type of access code in it, but it just looked like a telephone number. Is that what we are talking about?
Circles Public Relations: It has the same number of digits as a telephone number, but it is a password that shouldn’t be public.
Being such a nice guy and sensitive to the difficulties of being a PR professional in the the modern online world, I offered to remove this sensitive information. After I got off the phone, I started wondering why in the world they would call to ask me to remove the “password” instead of just changing it. When I got back to my computer, I started to replace the number with X’s and then decided to try something. I typed the “password” into my phone and sure enough, it was one of the many telephone numbers for American Express. (I’m assuming that people who have the number on their card are authorized to use it.)
I called the public relations person back to let her know that I had removed the offending telephone number. I pointed out that, if she was really concerned about it being a security issue, they should change the password instead of trying to get every place it is published on the web to take it down. (It is published all over the web.) I also suggested that they should use something a bit more secure than a phone number.
She didn’t seem interested in my free security advice, so I assume her public relations concern had more to do with the fact that the “super secret password” was coming from a former employee rather than coming from any concern for actual security. The “password” is probably set by American Express and her concern is more to make sure Circles isn’t giving away any “confidential” information that came from their biggest client.
Before I said goodbye, I thought I should take advantage of the fact that I had a high-level person from Circles on the phone and ask how to get the most productive use out of the concierge service they provide for American Express.
Me: While I’ve got you on the phone, I have a question about Circles. My experience with the American Express concierge service has been all over the place. Sometimes I get incredibly great service, other times it is extremely lacking. Do you have any tips for making the most of using Circle’s concierges?
Circles Public Relations: I really can’t comment on that.
I thanked her and said goodbye. After disconnecting the call, I had to laugh. Maybe she has some type of agreement with American Express not to discuss the concierge service. Who knows. But here is a little business secret. If someone asks how to get the most from your company’s services, “no comment” is a horrible reply. It is particularly horrible when coming from the person responsible for public relations and it is even worse when given to the owner of a web page about your company that is in the top results on Google. (It isn’t quite as bad as United’s handling of a broken guitar.)