When you have 2.2 billion active users worldwide potentially impacted by a data breach, it is a blunder. But more of a PR blunder.
Data collection is not limited to Facebook. If you exist in the society of now, own a smartphone and happen to run a couple of apps, chances are your user data is being collected by a tech company running these web services.
Breaches in personal data have become common place. The moment we ‘like’ a post or agree to the T&C fine prints before we start an app, we have allowed ourselves to be susceptible to data being stolen.
While fixing the product and regulations may take awhile, bringing the communications up to speed in times of such crisis may be less of a rocket science.
Here’s what we felt Facebook did well, and could do better.
What was done well
- Taking ownership at the highest level
Faced with multiple waves of backlash coming at Facebook, Mark Zuckerberg remains steadfast in owning the situation and responding to them, as opposed to passing the buck to another member of the team.
Putting a face to the brand in times of crisis is important. It helps assure the audience that someone is held accountable, and not just an organization putting out statements.
- Use of simple, clear language to communicate
“We didn’t take a broad enough view of our responsibility, and that was a big mistake. It was my mistake, and I’m sorry. I started Facebook, I run it, and I’m responsible for what happens here.”
In most crisis, the audience just wants closure and to move on from the incident. When the ownership of crisis is clearly communicated in a sincere manner, people are more likely to forgive and forget. Comments online have favorably been on the side of Mark Zuckerberg, with most calling him a true leader.
- Control the narrative with planned interviews
When Mark Zuckerberg gave CNN the exclusive one-on-one interview after news of the data breach broke, he was taking charge of how he wanted his audience-at-large to receive information from him. Rather than allow media to speculate and piece together information based on loosely quoted interviews, he chose not to be caught off guard, and convey his thoughts in a concerted way. The choice of media is also key. Choosing a media that is more neutral to the brand, giving it as an exclusive, does help take the heat off a notch.
- Clear Standard Operating Procedure
Facebook was swift to roll out a game plan right after the news broke:
i) Top executives were sent to key markets to meet with regulators and conducted inquiry sessions.
ii) All top executives were trained on key messages and bridged difficult questions with them.
iii) The key messages were structured to move the conversation forward:
- Acknowledge: I’m really sorry that this happened
- What could not be done: I wish we’d taken those steps earlier. That … is probably the biggest mistake that we made here.
- Next steps: We will make a full forensic audit
FB had a clear standard operating procedure (SOP) detailing how it was going to address the problem moving forward. With plans to restrict access to data in the future, Facebook is embarking on a major shift in its relationship with third-party app developers that have used Facebook’s vast network to expand their businesses. What was largely an automated process will now involve developers agreeing to “strict requirements”. This change is one of the many steps Facebook is taking to curtail developers’ abilities to access data.
For a start, Zuckerberg is taking the right steps to address operational failures even though time will tell if this is enough.
What could be done better
- Long lead time before responding to the public
Waiting for over two years before the news broke, and then for Facebook to acknowledge and come back with an honest apology might be too late, too little? When the brand is a media platform, and its community media owners themselves, taking the pro-active approach to inform users of the breach and providing steps to recover could potentially help Facebook lose less fans in this whole debacle.
While the #DeleteFacebook momentum may be losing steam, it sure has caused a dent in the brand, especially with prolific users such as co-founder of Apple, Steve Wozniak and founder of Tesla, Elon Musk, joining in the movement.
In the case of Adobe’s 2013 data breach, the company informed affected customers immediately and users appreciated the company being honest and upfront that their credit card numbers and passwords have been encrypted. Brad Arkin, VP ad CSO of Adobe, shared that it is not advisable to wait six months until every fact is out because then the actual information isn’t as timely for the people who need it.
- Lack of brand advocates
Strong brand advocates play an important role to rally support behind a brand in times of crisis. In the case of Facebook, a lack of advocates led to the tension leading up to the crisis. Corporate users like Tesla deleted their brand page and advertisers like Commerzbank and Mozilla suspended advertising on Facebook.
On the other hand, Under Armour had brand advocates including Olympians Michael Phelps and Linsey Vorm who took to social media to sing the brand’s praises during its 2014 Design Flaw scandal. Today, Under Armour has gracefully moved on from that crisis with their 2015 announcement of an extended sponsorship with the US speed skating team.
As a case in point, brand advocates play a role in determining whether a brand bounces back stronger or tarnished further. Building an eco-system of advocates take time and brands should start cultivating it as part of crisis preparedness way ahead of a potential crisis.