When a Crisis happens, the internal meeting and panic begins.
Legal seeks to stop all communications and reduce liability, whereas communications teams become overly aggressive and spin all communications in the most positive light they can.
Those differing points of view often cause delay, confusion, and the wrong messaging at the worst possible time.
Sony waited a full six days before alerting PlayStation users of the data breach, which infuriated not only customers but also legislators.
When managing a data breach crisis, here are seven general guidelines to follow.
1. Expect to have a crisis event
It's less about if you will have a crisis and more about when. That is especially true in today's networking age, where a 100% secure networking environment does not exist.
Chances are good that you will have a data loss or breach event, especially if you're in a targeted industry such as consumer, hi-tech, banking, aerospace and defense, or healthcare.
2. Have a predefined crisis communication plan in place
A predefined plan, at a minimum, should be a framework of how to handle a breach and should offer guiding principles for communications.
For companies that have identified some specific risks, such as stolen customer data, the plan can have scenarios charted out. For example, what would the plan be if credit card numbers were stolen?
Your plan should also list the members of the crisis team, the guiding principles of your communication (open, honest, factual, etc.), the designated spokespeople, and even templated communications reviewed by Legal.
Review the plan from time to time to ensure it stays fresh in everyone's mind.
3. Acknowledge the problem immediately
Take a lesson from the Sony saga. A crisis event is not the time to circle the wagons. According to Jonathan Bernstein, president of Southern California-based Bernstein Crisis Management and author of Keeping the Wolves at Bay: A Media Training Manual, "You can't hide anymore."
"If a crisis occurs in Biloxi, Miss., or Muskoka, Iowa, if it appears in the local paper, it is an international situation instantly because of the Internet," BusinessWeek quotes him as saying.
Thus, any communication professional who thinks they can just shove an incident under the rug is grossly mistaken. The longer you wait to disclose the issue and its potential risks to customers or stakeholders, the worse off you will be.
4. Become the news-breaker
Companies lose when they do not become the news-breakers, instead remaining the newsmakers. The crisis is yours, so use that to turn the tide and become the irrefutable source of accurate and timely news.
5. Use social media
As we learned from the recent uprising in Egypt, Twitter is often the first place news breaks. As Fast Company blogger (and principal analyst at Altimeter Group) Brian Solis recently wrote, "News no longer breaks, it tweets."
Understand that in the era of socially enabled communication, you're no longer in control. Nevertheless, the new (and more powerful) tools you have will help you turn the tide from being the newsmaker to becoming the news-breaker.
6. Be accountable
Once the news about the crisis is out in the open, people will automatically begin to question who is at fault. The answer (respectfully, from one communication professional to another) is you, a member of the marketing and communications team.
I know, I know, you probably had absolutely nothing to do with it. It may have been Bob in IT, evil hackers, or some third party you worked with two years ago, but your customers could care less.
Still, you are ultimately responsible for communicating to not only your customers but also the general public. Own the issue and identify what you're doing to resolve it. If you don't know the full details, say so, but offer a timeline and series of steps you'll take to shed light on what you're going to do next.
Be honest, open, and transparent. The public and your customers will respect you more, and your brand will face less scrutiny in the end. The moment that doubt of transparency or honesty has been seeded, you will be behind the eight ball in managing the crisis.
7. Make it right
And by "make it right" I don't mean offer those affected (customers or whoever else) free movies or other ridiculously inadequate consolation prizes, as we have seen happen far too often. Even if you can't make it right instantly, as Sony was clearly unable to do considering that the PlayStation Network was down for weeks, tell those affected what you will do. And do it quickly. You need to figure out what the best resolution will be ahead of time, even if it is impossible to resolve the problem right away.
Sony did attempt to make amends by offering US users a year of free identity-theft protection, backed by a $1 million insurance policy, along with a package of free games and movie services as compensation. However, Sony waited weeks to present users with what ended up being little more than a peace offering.
Once again, we can learn from Johnson & Johnson here because it recalled everything, and did so immediately. The first Tylenol-related death was discovered on September 29, and on October 5, Johnson & Johnson recalled all 31 million bottles of Tylenol in circulation in the US. The company moved at Internet speed even though the Internet wasn't around at the time.
* * *
Those seven steps, though a good start, are by no means comprehensive. Every brand and situation is different. Regardless, think ahead and expect the unexpected! Sony is a multibillion dollar corporation, so I'd venture a bold guess that it actually has a crisis-communication plan stored away, collecting virtual dust on a server somewhere. And I'm certain that remaining silent was not part of it.
Don't just have a plan. Make sure your team knows the plan and can implement it when necessary. After all, you don't want to become another "lesson learned" in the marketing annals.
Read more: http://www.marketingprofs.com/articles/2011/6128/a-seven-step-guideline-in-crisis-communication-lessons-from-the-sony-playstation-network-breach#ixzz1b2Xc0di8
