It takes twenty years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently” ― Warren Buffett.

For a business, a good reputation is everything, a valuable intangible asset that cannot be underestimated. In today’s increasingly connected and content-driven world, reputations can be tarnished instantly and result in significant loss of business, revenue and goodwill. It has never been more important to take a proactive approach to reputation management.

Here are 8 steps for managing and protecting corporate reputation.

1. Acknowledge the new playing field

The corporate communications landscape is virtually unrecognisable to its counterpart fifteen years ago. We live in a world where value is assigned in real time by “likes and shares” and where online intermediaries like social media platforms are for the most part exempt from liability for the content they host. Businesses are understandably feeling like they are operating in an unregulated virtual wild west.

Litigation is not only being reported in traditional media, but also on social media where the merits of cases and those involved are openly and often aggressively discussed. This has now become a legal issue as well as a social and ethical one, with the Irish courts recently implementing a practice direction to limit the use of social media in courts to “bona fide journalists” and lawyers.1

It can be extremely challenging for organisations to protect their reputation online. Since 2017 however, the Irish courts have seen a significant increase in defamation claims with a dramatic spike in the claims reported in the Circuit Court. Social media is possibly the most obvious contributing factor, as well as the increase in the monetary jurisdiction for Circuit Court cases from €38,000 to €75,000. Claimants are also becoming more aware that Irish Courts are prepared to award significant damages for defamatory material published online.2

2. Know your threats

In order to manage threats to corporate reputation, the first step is to identify the industry specific threats that bear the highest risk for your organisation. Threats can be both internal and external, and should be documented according to the level of risk they represent.

Examples of threats include:

Internal threats External threats
 data and security breaches  social media
 published content  internet reviews
 social media, email and internet usage   hacking and cyber security crises
 poor corporate governance  litigation and regulatory investigations
 human error/criminality  intellectual property infringement
 cyberbullying/harassment  defamation
 health and safety regulation  misuse of private information
 occupational stress/injury/discrimination  fake news
 employees’ out of hours activities  

3. Be conscious of emerging threats 

It is also important to be conscious of emerging threats that have the potential for significant reputational and financial impact. Following the introduction of the General Data Protection Regulation (GDPR) in May 2018, there is increased awareness of cyber security and the value of personal data and privacy rights.

The power of the Data Protection Commission (DPC) to impose substantial administrative fines for breaches represents a new threat to corporate reputation. The DPC is already seeing a rise in complaints stemming from data subject access requests (DSARs) and data breaches since the inception of GDPR and mandatory reporting.  Furthermore, the potential for data protection actions for material or non-material damage is a new remedy available to data subjects whose personal data rights have been infringed which represents a further threat.

4. Proactively manage your reputation

Reputation management is not an aftermath consideration. It is crucial to take the necessary steps to protect and take ownership of managing corporate reputation. These include reviewing corporate governance, regulatory compliance, published content and intellectual property.  

We recommend reputation management health checks; a risk assessment process to identify potential threats, areas of weakness in an organisation’s defences and how to address them appropriately.

Having robust policies in place surrounding email, internet and social media usage, data protection and best practice on defamation, privacy and intellectual property is a good starting point. Ensuring understanding and implementation of those policies with “buy in” from senior management is essential for real impact.

5. Manage litigation risk – review your content

Any discussion on reputation management would be incomplete without reference to the Defamation Act 2009. Courts are increasingly awarding significant damages in online defamation cases with the Circuit Court recently awarding its maximum jurisdiction of €75,000 for defamatory comments posted on Facebook.

It is important to review the content your business publishes. While pre-publication advice was historically confined to newspapers and book publishers, today we are all publishers of content and could inadvertently defame a person or corporate body so it is important to exercise caution.

There may be detailed content on your website, blog, press releases, publications or social media platforms. To put this in context in terms of risk and exposure, the biggest defamation award in the history of the State in the amount of €10 million was made on foot of a company press release which implied that the Plaintiff had made inappropriate sexual advances to a colleague while sleepwalking.3

All content should be screened before it is published or shared for any potentially contentious material. One can also be liable when republishing or sharing potentially defamatory content from other sources. Legal advice should be sought when in any doubt. It is also worth being conscious of the intellectual property rights of others including copyright and trademark infringement when publishing content.  As a best practice model, as soon as you are aware of a potentially abusive/defamatory/IP infringing online user generated content on your social media platforms, it is advisable to take it down.

6. Create a Reputation Crisis Plan

A Reputation Crisis Plan either as a standalone plan or as an addendum to an existing Crisis Management Plan is vital to ensure that a reputational crisis is dealt with in a harmonised way across all aspects of an organisation. The name of a first point of contact for any issues that arise should be noted. Involving lawyers at the early stages will allow you to avail of legal advice privilege as well as strategise any necessary response from the outset.

It is also important to have a relationship between your PR and legal team so any external communications can be reviewed and considered in the context of any complaint/litigation/regulatory process. Furthermore, publicity, particularly negative publicity if not managed appropriately can be disastrous to corporate reputation. There should therefore be a policy in place on communications with the media and any proposed statements should be reviewed by your legal team.

7. Choose your battles when pursuing complaints and litigation

How a reputational crisis is responded to is an exercise in reputation management itself and the merits of any proposed strategy must be weighed up on a case by case basis. The following are some of the legal remedies available to businesses when seeking to protect their reputation:

Social media notice and takedown procedures – Many businesses and their executives are finding themselves on the receiving end of defamation, harassment or intellectual property infringement on social media platforms. Under EU law, online intermediaries that provide “information society services” have immunity from liability when carrying out certain passive activities such as “hosting”. This hosting immunity will be lost if upon obtaining actual knowledge of illegal activity the hosting provider does not act expeditiously to remove or disable access to it.4

What constitutes “actual knowledge” is an evolving concept, particularly in the context of defamatory content. While most online intermediaries have mechanisms for reporting suspected infringing content, they will often do nothing in the absence of legal correspondence and may sometimes require a court order directing them to remove content before they take action. This is partly due to the volume of complaints they receive and the practical reality of processing them, the fact that they are not under an obligation to monitor the information they host and the importance of freedom of expression, particularly in countries where the government agenda may be to control this.

The law in this area is changing with critics saying the safe harbours in the E-Commerce Directive were a creature of their time and not designed to give online intermediaries in their current guise a carte blanche on all of their content. There is increased pressure from individual governments regarding hate speech and corporate social responsibility. In Ireland, the Digital Safety Commissioner Bill is working its way through the houses of the Oireachtas and proposes among other measures to regulate a “take-down procedure” for removal of harmful digital communications and to act as an appeal forum for non-action by digital service undertakings. It is also proposed the Commissioner will have rights to apply for enforcement of directions in the Circuit Court.5

Depending on the individual case, and whether or not the publisher is identifiable, it can be easier to achieve the take down of a post by sending correspondence directly to the poster of the infringing content. Legal correspondence can be sent directly through social media direct messaging facilities if a postal/email address are not available.

Non-financial remedies – Financial compensation for a corporate body is often not a suitable remedy to restore a damaged reputation. However, a number of helpful mechanisms for plaintiffs were introduced by the Defamation Act 2009, such as a correction order, a declaratory order that a statement is defamatory or an order prohibiting the publication of a defamatory statement.

Anonymous posters – In  order to identify the user behind an anonymous account, affected parties often have to seek what’s known as a Norwich Pharmacal order in the courts against the relevant online intermediary, which is an expensive remedy and only the first step in prosecuting a claim. The Digital Safety Commissioner Bill proposes to codify this process.

Liaising with the media – If you are concerned about something published in the traditional news media, there are a number of remedies outside of litigation that may achieve the desired result. These include seeking a right of reply, seeking an apology/clarification, requesting removal of articles online or if applicable, a regulatory complaint to the Press Council for breach of its code of practice or to the Broadcasting Authority of Ireland in the case of a broadcaster.

8. Defend your honour

In the event that despite all efforts at proactively managing threats to reputation, a complaint is received or you find yourself on the receiving end of litigation, it is important to seek the appropriate legal advice.  Responding to complaints without first having sought the appropriate advice can escalate matters.   

It is a balancing exercise in mitigating potential exposure both from a reputational and financial point of view. In defamation or IP infringement cases, prompt takedown of offending content and an apology/clarification can go a long way to diffusing a situation. With regulatory complaints, such as those to the DPC, transparency and compliance will assist in achieving a better outcome.  Furthermore, while justice is administered in public, the likelihood of litigation receiving media attention prior to a hearing date is low, unless there are significant interlocutory applications or the parties to the litigation are high profile.

Regardless of the vast advances in technology, the words of Abraham Lincoln remain apt, “With public sentiment, nothing can fail, without it, nothing can succeed”. Whether you are part of a successful multinational corporation or a budding start up, don’t lose control of the conversation. Put reputation management on the agenda.

Footnote

1  Bringing down the gavel on social mediaIrish Examiner,  26 November, 2018

Defamation claims on the rise in Ireland | Darryl Broderick, 31 July 2018

3 Donal Kinsella v Kenmare Resources Plc (High Court, de Valera J, 17 November 2010). Currently under appeal to the Supreme Court with a stay on the award, with the exception of €500,000.

4 Directive 2000/31/EC Article 14

Digital Safety Commissioner Bill 2017. Also see Social Media Wars: Regulation and The Digital Safety Commissioner Bill 2017 | Bryan McCarthy and Sarah Slevin, 17 September, 2018

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.