A month on, and Facebook seems to have weathered the worst of the storm – their share price is recovering and the shareholders somewhat pacified. The twenty-four-hour news cycle has allowed the company to slip out of the limelight, with fewer voices now calling for Mark Zuckerberg to resign from his position as CEO.
Yet Facebook appears to still be struggling to grasp the implications of the Cambridge Analytica scandal on their reputation. Although he faced a congressional grilling, Mark Zuckerberg has refused to present himself before a committee looking into fake news and disinformation in the UK. Instead he sent his CTO who managed to not answer 40 questions.
Yesterday, the chair of the committee Damian Collins MP issued an ultimatum; Zuckerberg can either present himself voluntarily to answer questions about Facebook’s role in the Brexit campaign, or he may face a summons next time he enters British territory (a rarely used parliamentary threat). Although the share price is recovering, it is still short of its pre-scandal value. Little has changed in the way Facebook handled the chain of events from a crisis communication perspective. The lessons are still valid and provide ample learning experiences.
When the news report dropped on March 17th that intelligence firm Cambridge Analytica had harvested and abused the data of 50 million Facebook users, you may have been forgiven for thinking that the announcement had hit Facebook almost out of the blue. This was not the case. The company had been warned as far back as 2014 that data gathered on their website was being manipulated – in this case, a Cambridge University researcher collected the personal information of 30 million users using an app, which he then sold to Cambridge Analytica. The leading journalist on the case, Carole Cadwalladr, had been writing on the issue for over 18 months.
Both The Observer and The New York Times warned Facebook on March 16th that they were preparing the report to go live the next day. The company was given twenty-four hours to prepare statements and get their story together. They responded by sending out legal letters and posting a blog explaining that this data leak did not technically constitute a “breach”, whilst kicking Cambridge Analytica off the site. It would be five days before Facebook leadership issued a response, by which point there had been numerous lawsuits, governmental inquiries, a #DeleteFacebook user boycott campaign, and a drop in share price that’s erased nearly $60 billion off the company’s market cap.
The first 120 hours
In the absence of a statement from Facebook, traditional and online media across the world continued to pile on the pressure. In the United Kingdom, The Financial Times published a hostile Long Read, whilst The Guardian created a special folder to scrutinise the ongoing fallout, titled The Cambridge Analytica Files. Online behemoths in the tech world such as WIRED and The Verge published critical pieces which were met with silence from the Facebook leadership team.
Zuckerberg then began a flurry of interviews with American media organizations, including CNN, Wired, The New York Times, and Recode. Facebook also took out full page ads in the Sunday editions of the UK newspapers: The Observer, The Sunday Times, Mail on Sunday, Sunday Mirror, Sunday Express and Sunday Telegraph. In the US, the ads appeared in The New York Times, The Washington Post, and The Wall Street Journal. The chief executive then had an interview with CNN that same Wednesday during which he publicly apologised for Facebook’s role in the scandal: “This was a major breach of trust, and I’m really sorry this happened,” he said in an interview on CNN. “Our responsibility now is to make sure this doesn’t happen again.”
What lessons can we take away from this situation?
Hindsight is 20:20. It was always going to be difficult to handle the immediate aftermath of having to tell your users that their private data had been used by shady intelligence firms after they signed up to play Farmville when they were fourteen. However, it didn’t have to be this difficult. A proportion of the blame sits with Facebook founder and leader Mark Zuckerberg. His first response took the form of a Facebook post, nearly a thousand words long, which did not include the word ‘sorry’.
Front up to it
Everyone makes mistakes. We are all human. Sometimes we break a wine glass, other times we swear in front of children, occasionally we misplace fifty million peoples’ confidential data. It took Facebook five days to field a senior spokesperson, which left a vacuum ripe for press speculation to build. Again, we will never know what events are going on internally at a company, but five days is too long. Get someone up there and make a statement – be empathetic even if you don’t have all the facts yet. This reassures customers and users that you acknowledge the issue and that you are proactively working on fixing it. Just make sure that statement is not a…
This new entrant in lexicology is becoming something of an art form – particularly for male celebrities. A sort of apology just doesn’t cut it. As we highlighted earlier, Mark Zuckerberg’s first response was a Facebook status of 937 words, none of which was the word ‘sorry’. The comment section on the post should tell you all you need to know about how this was received by the public, let alone shareholders and the media. When he did get around to apologising during a CNN interview and with full page adverts in the press, the impact was lost and it felt forced, as if he was doing it purely to protect his commercial interests. And finally..
Boy Scouts and Brownies learn this aged 10. Who knew this news was not new news at all? Facebook did. Journalists had been asking them for comment on these issues as long ago as 2010 yet Facebook was seemingly unprepared when the issue raised its head again. This should have triggered internal action to both renew the operational systems AND prepare for the next round of media enquiries. They were given a full twenty-four hours to scramble together some sort of statement before the news was broken, and they settled on an obtusely worded blog post. Worse, they seemed to imply they did not know about the breach until they were alerted to its existence by the press. This suggested Facebook did not have a grasp of its own security – a revelation almost as damaging as the leak itself. Whether any of that personal data was actually of any real use – let alone facilitated electoral success for Trump & Leave.EU is questionable. But the damage the story has done to Facebook’s reputation is undeniable.
So what can you do?
Every organisation should have a risk register that covers everything and an escalation process in place for managing media inquiries. If you operate in a highly regulated market you should test those processes with regular training. The psychological impact of these drills for all your team – and especially your top spokespeople – can be huge. If you want help ensuring you are ready to face whatever reputation challenges come your way, do get in touch.