Corporate communications

The coronavirus pandemic has resulted in an orgy of news stories, commentary and analysis in which the terms crisis, disaster and emergency have been used almost interchangeably. What is the correct terminology?

According to Muckrack’s Trends research tool, the terms crisis and emergency dominate media headlines and body copy.

These three terms are closely related and overlap significantly, yet each has its own distinct meaning and implications.

A crisis is an issue or event that invites unwanted external scrutiny, seriously impacts an organisation’s ability to do business, and jeopardises its reputation. There are many types of crises (and non-crises); research shows most crises stem from management weaknesses.
An emergency is an unplanned event such as fire, flood, evacuation, violent crime or fatality that affects an organisation locally and requires immediate action. The impact of an emergency is generally limited to the initial event itself.
A disaster is a severe situation that affects broader society and which has the potential to interrupt business operations on a longer-term basis. Examples include an earthquake, a tornado, a major flood or power outage, or a serious health pandemic.

Despite the coronavirus technically classifying as a disaster, it is no surprise that journalists and commentators prefer the term crisis given it is media shorthand for pretty much anything that goes or can go wrong.

Blurred boundaries

Yet the boundaries between crisis, emergency and disaster are less straightforward than they first appear.

The coronavirus may be a disaster for health organisations and inter-governmental organisations, but it is also resulting in serious crises for companies shut down by government decree or mishandling how they manage their response.

And a really serious crisis resulting in significant environmental, social, economic or geo-political damage – think BP Deepwater Horizon – is often termed a disaster (‘a crisis with a bad ending’), or even a catastrophe.

Communicators beware

Crisis teams and communicators, however, should take real care with their terminology. Planning and responding to serious negative events requires precision with what words mean and imply.

A health pandemic necessitates a different response to a workplace fatality or data privacy breach. Different teams are often involved, and each scenario demands different policies, protocols and messages. Activating the wrong plan can be disastrous.

While COVID-19 is growing exponentially, it is no emergency, no matter what the media says. But it is a crisis for some organisations and a disaster for others.

And for a few, it spells potential catastrophe.

Data breach communications under GDPR and emerging privacy regimes

March 28, 2019

Corporate communications, Corporate reputation, Crisis communications, Cyber & data privacy communications, Reputation management, Reputation risk management

Leave a comment

Complex, technical and emotive, data breaches are tough communications and reputational challenges at the best of times.

The EU’s GDPR ups the ante. Not only does it raise the prospect of bigger fines but it increases the likelihood of greater legal liability and reputational damage.

Widely regarded as the gold standard for data privacy across the world, GDPR is being adopted by many countries and regions, including the Asia-Pacific Economic Cooperation.

What does the GDPR mean for business leaders, communicators, risk managers, lawyers and others preparing for tougher data privacy laws across Asia and responding to data breaches in the EU?

Here are some important principles to bear in mind:

Take swift, decisive action to address the problem

Companies have no option other than to move fast under GDPR. There are only 72 hours to establish what has happened, assess the likely damage, notify the regulator(s) and communicate with those impacted can seem like precious little time, especially when the facts remain unclear.

Notification and communication can appear especially daunting when the hole remains open and the facts are unclear. Yet, the quicker a company moves to fix the hole and the more decisively it does it, the more likely it will be able to limit the actual and potential damage and rebuild confidence.

Err on the side of caution, but do not panic

It is easy to feel like you are being press-ganged into publicly disclosing a data breach. In fact, not all breaches need to be reported to the regulator, and some don’t need to be reported within 72 hours.

Some breaches do not pose a high risk to those impacted, while others may be considered temporary. In some cases, the data involved is unintelligible and/or already in the public domain, in others, the effort involved in notifying the regulator may be considered disproportionate to the actual or likely damage.

In such instances, a company may choose to inform the customer of an incident without notifying the regulator or making a public statement—provided it is confident it is on a safe footing legally.

However, generally, it is best to err on the side of caution and report a breach to the regulator. If one is unclear, information regulators will generally advise whether it needs to be reported. They may also provide guidance on whether it should be communicated with those impacted.

That said, there may be some instances in which you feel it is more important to communicate immediately with those impacted, before notifying the regulator. For example, where the data involved is extremely sensitive, or where a supplier processing data for a business customer is breached.

There are also good reasons to be wary of going straight to the data subject. Customer and stakeholder expectations vary widely on data privacy and, in the wake of an incident, their behaviours can conflict. And news of a breach typically becomes public as soon as it has been communicated with those impacted.

Whichever route you choose, it is usually best to err on the side of caution. There’s no need to panic.

Be open and honest

The GDPR and emerging data privacy policy frameworks are fundamentally about transparency and trust, with organisations expected to be open and honest about data privacy in general and data breaches specifically.

EU information regulators have said they will take seriously anything that puts these twin principles into jeopardy and that they are willing to expand investigations beyond assessing IT/cybersecurity governance and controls to testing compliance in areas like technical competence and education and training.

The same goes for customers in Asia, who increasingly expect organisations to be honest about their shortcomings and to move quickly when something goes wrong.

Consider carefully how those impacted might be affected

Understandably, company leaders and executives fret primarily about the sensitivity and volume of data involved in a breach and what it means for the well-being of their employer. But it is just as important to pay close attention to those impacted and to the context in which the incident has occurred.

In August 2018, British Airways suffered a major breach involving the personal and financial details of over 500,000 customers. Despite no evidence of fraudulent financial activity at the time, British Airways quickly appreciated that the potential for lasting reputational damage was significant, given the large number of payment card and CVV numbers involved.

Hence the airline’s decision when it acknowledged the breach to offer compensation to customers for any financial hardship suffered—a promise that may result in significant payouts and higher insurance premiums going forward. The decision almost certainly also took into account the overwhelmingly negative reaction to the airline’s 2017 IT systems outage.

Consider carefully the needs and expectations of those impacted, the degree of external and internal scrutiny the incident attracts, your firm’s historic reputation, perceived culpability and other factors when you respond to a breach.

Don’t walk away

From a communications perspective, it is tempting to treat a breach as a one-off negative event to be resolved with a little timely public grovelling.

This is a mistake.

Nowadays, people take naturally to social media to vent their experiences and concerns, which can easily spiral into secondary news stories. Leaks are common, and breaches easily bleed into other business issues, thereby aggravating the situation and elongating the news cycle.

Worse, GDPR means regulatory investigations, fines and litigation are more likely, resulting in additional negative publicity. In the process, you may also come under greater pressure to publish internal and expert investigative reports.

It is important to understand that a breach is often just the start of the reputational battle, and that you must stay – and be seen to stay – the distance in all facets of your response if you are to have any real chance of success.

Align your response

The messiness and complexity of data breaches and the need for different business units to be involved in the response can result in sloppy, inadequate, or inconsistent communications.

Given the expanded legal obligations under GDPR, the likelihood of the emergence of equivalent regimes across Asia and heightened public awareness of data privacy rights, it is particularly important that companies’ legal and communications responses are properly aligned.

Legal and communications teams can sometimes be at loggerheads, so this is not necessarily as straightforward as it sounds. It need not be difficult. Unlike in a court of law, in the court of public opinion, a business is presumed guilty until it proves its innocence.

This doesn’t just mean one should be as open and honest as possible and that one’s rhetoric always meets reality. It means that a company must look at the wider picture, avoid inappropriate legal threats, actions, and lawyerly sounding statements, and apologize sincerely when it is at fault.

By following these principles, you will be less likely to botch your business and communications response to a data privacy incident.

More important, you will be in a much better position you to persuade your customers and others that you are acting in their best interests.

This article was first published on BRINK Asia

Six reasons why your online reputation is not your reputation

March 25, 2014

Corporate communications, Crisis communications, Online reputation management, Reputation management

2 Comments

An article in yesterday’s New York Times on General Motor’s use of social media to respond to its ongoing ignition switch crisis raises an interesting question: why, when the mainstream media, the company’s Facebook page and other online channels are full of complaints has its broader online reputation barely been impacted (according to data from Crimson Hexagon)?

If you were in GM’s shoes, which would you regard as the more accurate and useful reflection of its corporate reputation at this tricky time: online reputation or mainstream media coverage (irrespective of concerns about the quality of social media sentiment data – though, to be fair, it is in my experience better than most at Crimson Hexagon)?

Social media’s role as a real-time focus group of thousands sounds valuable and useful.

Your online reputation, after all, is your reputation.

Or so it is said.

But whilst this is a nice marketing phrase, it is also highly misleading.

Here are six reasons why online reputation needs to be treated with caution as a measure of broader reputation:

Reputation is the sum of how many different stakeholders, from customers, employees and investors to government, investors and suppliers, view a company
These stakeholders often have different interests and talk about different topics in relation to the company
A company’s online reputation is almost always dominated by discussions by customers and prospective customers about its products, especially if it is a consumer goods or services player
While many customers now like to communicate with companies via social media, the great majority still prefer to use conventional channels such as call centres to register and resolve customer care queries and complaints, meaning many negative perceptions never make it online
Some stakeholder opinions are rarely voiced in social media. When was the last time you heard a high-level regulator actively discussing a company on Facebook? Ditto for pension fund managers or buy-side analysts on Twitter?
The relative importance of different types of stakeholders varies over time. During its current recall crisis, GM’s core audiences will be the government, its customers and investors, and it is on them that it is most likely focused as an organisation.

‘Online reputation’ (however measured) is a reasonable and timely indicator of a firm’s broader reputation from a customer or general public perspective.

But it should not be treated as an accurate or comprehensive reflection of the full range of views or, necessarily, of the relative importance of different stakeholders to that organisation, at any given time.

In this regard, mainstream media is often a more useful gauge of non-customer stakeholder audiences, including government and business opinion-formers.

Companies would do well to listen closely to both social and mainstream media for different if complementary reasons.

Book review: The PR Masterclass, by Alex Singleton

February 25, 2014

Communications & public relations, Corporate communications, Influencer communications

Leave a comment

Public relations is fifteen times (pdf) more effective than advertising. And at least 95% of public statements and PR pitches end up as email detritus, spiked by hard-pressed or incredulous journalists or funnelled down the black hole of news aggregation services.

Why?

After all, much of the paraphernalia of today’s PR practitioners – press releases, media advisories, backgrounders – are carefully scripted, on message, and pour out of corporate offices and PR agencies like streams of confetti.

Sounds like music to journalists’ ears.

The reason, according to Alex Singleton in his new book The PR Masterclass, is that most PR pitches fail to understand the needs of journalists – story ideas that grab their readers’ attention.

Singleton should know. A former journalist at The Daily Telegraph and Mail Online, he would have developed an instinct for what his readers were interested in, the kinds of stories that would grab their attention and what constitutes successful, and ineffective, PR.

The PR Masterclass is studded with examples of good, bad and ugly PR, from a local tea blender on the south coast of England wooing the BBC by creating the world’s largest tea bag, to Whitehall departments refusing to pass on interview requests to their political bosses and a top global bank attempting to spin layoffs as ‘repositioning actions to reduce expenses’.

For those of us who have worked in journalism much of this sounds familiar, a good deal of it depressingly familiar.

But while this book is notable for the thoroughly practical way it sets out how to develop newsworthy story ideas, maintain a effective list of journalists, write and pitch press releases, run an effective press office and many other PR basics, what sets it apart is its refusal to succumb to the disease of many business books: a delight in pointing out what is challenging or wrong but providing all too few actionable solutions.

And here the solutions are set out in technicolour detail. How to write a press release headline and build an effective media list. Why anonymous letters can work for personal finance sections of newspapers but not for general readers’ letters. Why most newswire services are a waste of money, but which are worth their salt. And so on.

Arguably, The PR Masterclass suffers from a couple of limitations.

First, it is written from an (unashamedly) western perspective. But while building strong relationships with journalists is central to PR anywhere, a well-trodden path to media coverage in China (and plenty of other emerging markets) is to pay the journalist and/or buy advertising space.

The book also takes a fairly narrow view of PR, centred on media relations. Singleton argues persuasively that the conventional media still matters, despite all the talk about social media.

I concur.

But what constitutes mainstream media has now expanded significantly, with some blogs rivalling the online efforts of major broadcasters and newspapers.

The Business Insider now has a higher readership than the Wall Street Journal.

And as Ryan Holiday has pointed out, these organs can operate by very different rules and demand a muscular and visual approach to PR.

Nonetheless, neither seriously detract from a highly readable and eminently useful addition to the PR canon, and one which should be required reading not just for communications students but for any organisation that wants to get its message out credibly and persuasively.

Disclosure: I was provided with a review copy of The PR Masterclass by Wiley

—

Transforming digital communications in Asia

February 16, 2014

Corporate communications, Digital & social media communications, Online reputation management, Reputation management

Leave a comment

It came as something of a shock. Arriving in Singapore from London in 2006 to run a global PR consultancy’s digital capabilities across Asia-Pacific, it quickly became clear that while digital marketing in the region was in rude health, corporate use of digital communications was often poor and sometimes non-existent.

Why?

Budgets were small and the outlook mostly short-term. Many firms were struggling to understand the role and value of online PR. Key stakeholders were apparently not yet using Twitter. For companies, websites were Kings; email and search were its Queens and social media was but an Infant mewling about buzz and bloggers.

Much progress has been made over the past few years, not least a broad realisation that a proactive approach to digital communications that includes social media is a must-have. And well it should be. Asians are some of the most mobile, networked and digitally-savvy individuals in the world. The world’s most social consumers in virtually every product category, Asians not only consume huge volumes of online content but also create more videos and other output than people in any other region.

Equally, many Asians are increasingly aware of their rights as consumers and citizens and are prepared to take a public stand when they see these rights compromised. Negative product and service experiences are widely shared online, as firms such as Vodafone and Dolce & Gabbana have discovered to their cost. Civil society actors such as WALHI in Indonesia are using the Internet and word of mouth highly professionally to force change. Suddenly, the range of potential reputation red lights has expanded significantly.

While there has been a flowering of company Facebook pages and Twitter and Weibo handles over recent years, there remains plenty to do if organisations are to fully leverage the benefits and limit the threats inherent in today’s digitised communications landscape.

VMA’s recent Pulse study on corporate communications trends in Asia identifies three key digital challenges for corporate communication teams:

Thin understanding and education
Lack of budget, dedicated or otherwise
Concerns about what employees may say online.

How should corporate communications teams accelerate their digital transformation? Here are three topline recommendations:

Education: While much traction for social media can be gained through trial and error, substantive progress is unlikely to be achieved without the buy-in of company leadership. Make a though and objective assessment of the broad range of opportunities and risks of social media and, if you don’t have one already, identify a strong and respected internal executive champion to establish ownership and authority, take responsibility for educating the CEO and other senior leaders, and to sell the vision. If that individual is in brand marketing or another function outside communications, make sure they are on your side and that you have a consistent vision. And whichever operating structure is chosen for digital/social media (centralised, de-centralised etc), ensure your team is actively playing its part and leveraging its known strengths: internal access and influence, external listening and engagement, management of corporate reputation.

Budget: Budgetary support will increase as a result of leadership confidence and buy-in. Don’t get hamstrung just because there is not a standalone digital/social corporate communications budget or figure that social media should live in PR. Many firms now have dedicated social media teams that sit independently of communications; for instance, while social media resides within marketing at Ford, the Digital Acceleration team at Nestle owns social media and reports simultaneously to marketing and corporate communications. Beyond this, be clear what you are trying to achieve and report regularly using metrics that are relevant and understandable to top leadership.

Behaviour: Increasingly, communications is seen to work in the long-term interests of a company’s reputation, providing it with a legitimate interest in ensuring sound employee behaviour. Accordingly, communications should work closely with other relevant areas of the business to identify and mitigate possible behavioural reputational risks, rather than simply having to manage them once they occur. Many organisations now have a corporate social media policy of some description that sets out the parameters of employee behaviour in social media, but few have successfully ensured that their people (as well as others within their ecosystem such as sales agents) fully understand and live by these documents.

In my experience working both in in-house PR and as an external communications and social media consultant, the image of corporate communications can suffer by appearing too far removed from the realities of day-to-day life in the trenches.

Social media makes managing reputation in real-time a company-wide prerogative. Corporate communicators must get into the trenches and fight the good fight. Being seen to do this will help accelerate digital as much as anything else.

—

First published on VMA Group blog. I am an Associate at VMA Enhance, VMA’s professional development arm

—Charlie Pownall 查理·保诺

Reputation management and communications

Archive

Corporate communications

Is the coronavirus a crisis, disaster or emergency?

Blurred boundaries

Communicators beware

Like this:

Book review: The PR Masterclass, by Alex Singleton

Like this:

Blurred boundaries

Communicators beware

Share this:

Like this:

Take swift, decisive action to address the problem

Err on the side of caution, but do not panic

Be open and honest

Consider carefully how those impacted might be affected

Don’t walk away

Align your response

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: