The last five days have been a whirlwind for Facebook since the news of the Cambridge Analytica broke and layers upon layers of this data breach onion are peeled back.
On March 22nd, Mark Zuckerberg finally decided to break his silence and address the mass data breach.
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.”
Notably, Zuckerberg’s own Facebook post contained no apology, but made some assurances that it would not happen again before launching into a detailed timeline of the Cambridge Analytica events.
Too little, too late.
That was the reaction most of us at Wilkinson Butler had to Zuckerberg’s statement. Especially considering that Facebook has failed consumers with their privacy promises in the past.
Jonathan Albright, a research director at the Tow Center for Digital Journalism said he was disappointed that the CEO did not address why Facebook enabled so much third-party access to its users’ personal information for so many years.
“This problem is part of Facebook and cannot be split off as an unfortunate instance of misuse. It was standard practice and encouraged. Facebook was literally racing towards building tools that opened their users’ data to marketing partners and new business verticals. So this is something that’s inherent to the culture and design of the company.”
In other words, consumers aren’t buying it anymore. Faith that Facebook is doing the right thing by your data is completely broken and Zuckerberg’s statement simply comes off as a disingenuous stop-gap.
Few business leaders will face a crisis of this magnitude, but there are lessons to be learnt from Mr Zuckerberg’s misjudged response.
1. Front up
Assign a spokesperson that does well under pressure and get them out and in front of the issue.
2. Act quickly – avoid the information vacuum
The news machine never stops churning so you need to get all the correct information as soon as possible so that you can pass it along to relevant stakeholders, prioritising those that are directly affected.
3. Apologise, sincerely
Mean it when you say it.
4. Address concerns with meaningful action
Your stakeholders not only need to hear the words but see the actions as well. Detail how you’re going to address the issue and how you’ll prevent it from happening again.
5. Tell all, tell early
There were rumours of a data breach at end of America’s 2016 Presidential Election. Zuckerberg and Facebook should have addressed the issue then and showed that they were serious about consumer privacy and committed to resolving the situation with urgency. Instead it’s dragged on for two years and leaves the impression that there’s a lot more to be uncovered.
Wilkinson Butler is a corporate affairs agency that specialises in crisis communication. We have extensive experience working with companies affected by data breach incidents, notably in relation to the newly introduced Notifiable Data Breach Scheme.