There have been numerous breaches at major consumer retail companies over the past year. Most of these are followed with some kind of “apology letter,” laying out what customers can do to protect their credit and what information was stolen from the retailer’s databases. Sadly, there aren’t any shining examples from this collection of correspondence. And the cases that I’ll cite here are what to avoid rather than to mimic. But there are some important lessons to be learned, both from designing the best apology letters to improving IT practices post-breach.