Archive

Reputation risk management

Since the start of the year a rumour has been swirling that Facebook has been using a then-and-now facial recognition photo-sharing challenge to collect data about users and improve its AI algorithms. The social network denies it started or is involved with the challenge. 

That people suspect Facebook of being involved, and that the rumour went viral, is indicative of the suspicion with which the company is held since its flaccid approach to privacy became widespread public knowledge.

Multiple data privacy violations

These suspicions are not new. There was the row over Facebook’s Beacon user-tracking service in 2007, concerns about facial recognition, a bungled psychological experiment into the moods of its users, and run-ins with the US FTU, ACLU and privacy commissioners in multiple jursidictions over many years.

According to Google, there has been considerable public interest in privacy (mostly as a proxy for internet and/or data privacy) for many years.

Google: Data Privacy News Trends


Facebook had plenty of time to tackle the problem and prepare a meaningful response. The Guardian’s initial story in December 2015 about the covert harvesting of user data by Cambridge Analytica did not ignite until whistle-blower Christopher Wylie lifted the lid on Cambridge Analytica twenty-six months later.

Yet they did little to address the core of the privacy issue, Mark Zuckerberg disappeared as soon as the story ran, and Facebook’s value dropped USD 119 billion in a single day. Zuckerberg hardly helped matters by refusing to appear before the UK DCMS Enquiry into Disinformation and ‘Fake News’.

How did Facebook fail to anticipate a major privacy crisis when the writing had been on the wall for so long? Were its leaders truly ignorant and out of touch, or simply failed to act substantively on the many warning signs? Why did they behave the way they did? Was Facebook’s experience isolated, or consistent with other reputational meltdowns? 

Reputation risk management

These are the kinds of questions posed by lawyer Anthony Fitzsimmons and insurance expert Derek Atkins in their book Rethinking Reputational Risk, in which they get to practical grips with the notoriously knotty, slippery topic of reputation risk management.

Rethinking Reputational Risk

Drawing on analysis of recent high profile crises such as BP’s Deepwater Horizon spill, Barclays’ LIBOR rigging, Tesco’s false accounting, and the VW diesel emissions scandal, the authors argue that the problem lies in the complexity of many modern businesses, the emergence of multiple online ‘unseen systems’, fast-changing stakeholder behaviours, inadequate listening, issues management and crisis preparedness, and an unwillingness to get to the root problem of problems and failures, chiefly due to over-confidence, complacency and hubris.

All this sounds familiar. But the book comes into its own when it addresses the failure of ‘classical’ risk management and the three/four line of defence model, which is regarded as overly rigid and ill-suited to handling the many and varied behavioural risks, from weak culture and values and inappropriate incentive schemes, to the blurring of personal and professional lives and the character and personality traits of senior leaders.

The authors rightly argue that reputation risk is first and foremost a leadership responsibility, and too often it is at Board level that things fall down. Board failures were involved in 50% of the 42 crises studied.

Why?

Because Boards are essentially self-selecting, and overly reliant on people with financial and operational experience, as opposed to the forensic, analytical, behavioural and digital skills that are required in today’s globalised, networked and inherently volatile economies. There is much in this.

Since concerns about Facebook’s approach to privacy first started emerging several years before its murky dealings with Cambridge Analytica came to light, Mark Zuckerberg and Sheryl Sandberg have admitted that they should have taken user privacy far more seriously.

The important question on why they didn’t heed the warning signals earlier appears to have a single plausible answer: user privacy was regarded as a price worth paying for growth, and they would make the most of it while the sun shone and regulators, politicians, customers and the general public had more important fish to fry.

Mark Zuckerberg may insist he is personally responsible for Facebook’s privacy lapses, but Facebook’s board is also responsible and must prove itself equal to the task of fixing the holes properly, and holding its CEO to account. Its members would do well to read Fitzsimmons and Atkins’ excellent book.

Meantime, Facebook must shoulder part of the blame for the many rumours about it – be they accurate, misinformed, or plain false.


Crisis Proofing - How to Save your Company from Disaster, by Tony Jaques

Whey protein concentrate (‘WPC 80’) may not be the best known or sexiest product, but it is certainly big business. Deriving from cow’s milk, and a by-product of cheese production, it is used in baby formula, beverages, and a host of food supplements, including for bodybuilders.

Like other dairy products, WPC 80 is susceptible to contamination, the result of which can be deadly when digested. So when Fonterra, New Zealand’s largest company and the world’s largest dairy products producer discovered in July 2013 that 38 tonnes of concentrate had tested positive for botulism, a recall was quickly announced.

The trouble was, later tests by the government found no evidence of botulism and that the recall had been a false alarm. However, considerable damage had already been done to Fonterra, with several countries announcing milk product import bans and the company’s reputation for product quality in severe jeopardy.

The company’s independent inquiry (summary – pdf) into the incident concluded that, among other things, Fonterra was ‘not ready for a crisis of this magnitude’, that there had been a ‘failure to join the dots’ between botulism, infant food products, consumer sensitivities and the firm’s reputation, and that the company’s risk and crisis processes needed overhauling.

Fonterra’s top brass would have done well to have read Crisis Proofing, Tony Jaques’ book on how organisations should reduce the chances of a crisis happening and minimise the damage that may arise should a crisis occur.

While he gives many useful tips on crisis response, including how to navigate legal advice on apologies, Jaques’ background in issues management means his insights and practical tips on the leadership mindset, strategic approach and planning processes that enable companies to avoid train wrecks in the first place are particularly valuable.

In my experience, many companies place undue emphasis on identifying risks (especially, given their slippery nature, reputational risks), at the expense of ensuring their issues management processes work properly – an area Jaques excels in. For example, he lambasts the probability/impact and significance/influence issue prioritisation models as crude and over-simplified and instead sets out a more comprehensive and nuanced proprietary model based on an issue’s Impact, Salience, Visibility, Affectability, Proximity and Profile.

Jaques also takes aim at the reactive and ad hoc approach taken by many organisations to managing issues. Too often, he says, companies are overly focused on recording and tracking risks, and tweaking the identification, tracking and decision-making processes for the benefit of management and risk committees, as opposed to actively working to resolve them in a clear and strategic way. By contrast, his Do-it issue management model (chapter 8) is a model of clarity, practicality and focus.

At the heart of Crisis Proofing is a call for mindful leadership of the top-down variety that can seem contrary to the open and horizontal forms of organisational decision-making pushed by some contemporary management thinkers. Yet, as Jaques argues, effective crisis management demands hands-on, decisive and swift decision-making at the very top of the organisation, and a willingness to learn from mistakes and make changes.

As such, while many of the tips in Crisis Proofing are useful in day-to-day risk, issues and crisis management, the book is especially relevant to those leaders and senior decision-makers directly responsible for their organisation’s strategy, culture and reputation.

It is a book I recommend wholeheartedly.

Disclosure: I was asked by the author to review the chapter of Crisis Proofing on social media, and was subsequently provided with a review copy of the book by Oxford University Press. I also discuss Fonterra’s WPC 80 botulism scare in my book Managing Online Reputation

I had the pleasure earlier this week of talking to early-stage entrepreneurs and assorted others about the importance of building trust from the get-go.

Providing a genuinely useful and usable experience with great customer service is the starting point for many start-ups, but one that is nowadays expected as the price of admission.

Customers, the general public and others are able to act immediately on bad experiences and are increasingly intolerant of perceived poor behaviour by companies.

The travails of companies like Uber and Theranos show that having good governance, being open and transparent – including preparing properly for when things go wrong – and having strong values and a clear purpose are essential if a start-up is to build trust over the long-term.

Here are my slides:

 

One of the pleasures of working in a start-up office space is being surrounded by entrepreneurs and would-be entrepreneurs, which makes for an interesting, exciting and positive environment.

In the rush to get up-and-running, generating revenue and turning a profit, most start-ups focus on product and marketing. This is eminently sensible: both are building blocks of a strong and healthy reputation.

But long-term reputation and communications are often overlooked in the mix. Uber’s current travails are an obvious example of this, with its perceived arrogance and willingness to play dirty resulting in severe friction with local authorities and access issues in multiple markets.

On which, here is an article I penned recently for Jumpstart HK magazine on how start-ups can build trust from the get-go.

See also my presentation on the same topic.

 

 

%d bloggers like this: