Out-Law Analysis | 01 Dec 2015 | 1:29 pm | 4 min. read
Companies are already under increasing pressure, from the public, the media, regulators and others to be more open and transparent. There is a growing expectation that they will share information with stakeholders such as employees, regulators or customers.
Society's developing sense of something akin to a 'right', or at least a 'sense of entitlement', to information is perhaps driven by the nature of the internet and its embodiment of a 'right' to access, receive and impart information. In this context, people are starting to regard businesses as, to some extent at least, public property.
The growing expectation of business openness and transparency is in stark contrast to the attitudes people have about their own information, with an increasing focus on their right to privacy. Individuals want to control what is in the public domain and who can access that data.
It is now very hard to erase information completely, which perhaps explains consumers' concern for the way their data is collected, used and shared. The trend towards claims being brought under the Data Protection Act, alongside privacy claims, is likely to continue.
This dichotomy poses a risk to corporate reputations as we anticipate new EU data protection laws that will require organisations to disclose details of major data breaches to not just regulators but the public too. Currently, data breach notification requirements only apply in certain sectors, such as we saw in the telecoms market recently with the TalkTalk incident.
The growing cyber threat will see companies invest significantly in cyber security. Protection of data from online hacks and other cyber security threats will remain important, to minimise the risk to privacy and associated threats of fraud and consumer detriment if data gets into the wrong hands. However, given the inevitably of attacks and that no systems are infallible, how businesses respond when data breaches occur will increasingly determine how their brand is perceived in the aftermath of those incidents.
Currently, hacks tend to focus on obtaining consumer data, while in future cyber attacks might focus more on damaging a business's reputation through impersonation – there have already been examples of hackers taking control of websites and posting messages on their homepage.
In the US, a new Cybersecurity Information Sharing Act (CISA) has been backed by the US Senate. It is intended to help US companies react more quickly to cyber attacks on their computer systems. If a company gets hit with a specific type of hack, the federal government would receive an alert and immediately distribute warnings to other companies. CISA will eliminate liability for companies making them immune to lawsuits for sharing too much data.
Similar cyber security information protocols are envisaged under the planned Network and Information Security Directive in the EU.
These laws might be the precursor to a more coordinated response from industry to addressing cyber risk and in managing their reputations on a collective basis rather than on their own. There is strength in numbers.
In the digital age, threats to reputation can come from anywhere. Everyone can be a commentator or critic, whose opinions can be published instantaneously with the click of a button. Negative campaigns can build on social media, and unfair and false statements about a company's business practices can be perpetuated in minutes and be picked up by the mainstream media. What's more, the internet allows people to hide behind a cloak of anonymity. Companies that have not already done so will need to be braced for this, and have strategies in place to engage and respond appropriately.
More companies will look to monitor how their reputation is perceived in the public domain. Conversation channels via sites like Twitter enable companies to engage with consumers and customers in response to any changes in perception. Such monitoring might also help a company to understand the specific effect an allegation might have on its reputation, which would help to provide evidence of "serious financial loss" when bringing a defamation claim under the new 2013 Act.
Although a business might successfully remove some material from a website, there is always the risk that it will become embroiled in a game of 'whack-a-mole' as the material reappears on mirror sites or elsewhere on the internet.
No-one really knows how technology will continue to develop, but it is likely to be fast paced. Case law in this area is developing at a rapid rate in an attempt to interpret legislation that often pre-dates technological advances, or quickly becomes outdated. Companies will need to stay up-to-date with legal developments in order to protect their reputation online and adapt accordingly.
Internal corporate communications are becoming less formal too, posing other potential risks to companies. The rise in popularity of instant messaging in the workplace, coupled with developments like the recent piloting of 'Facebook at Work', help facilitate group chats outside channels that might be considered more formal mediums for workplace communication.
If staff feel more able to speak freely by disclosing information or criticising practices through these tools then it will pose an increasing risk that disaffected employees will leak details into the public domain.
Companies should also note the changing landscape in the mainstream media. Newspaper revenues continue to be under pressure as news is available instantly on digital mediums. Journalists of the future will be expected to provide their own independent unbiased opinions on the latest issues to provide added value content at speed to readers.
In addition, in an environment of increased transparency, there may be a move away from shock investigative journalism and front page exposés. Instead, journalists could focus on holding companies to account and monitoring progress with promised actions.
We could see some companies respond to the transparency and accountability agenda by 'opening the books' and proactively disclosing more details about decision making and operations.
The bold companies that embrace transparency could win customer trust and preserve and enhance their reputation, so long as they manage the risks that greater transparency brings, such as the wrongful disclosure of personal, commercially sensitive or confidential data.
Given that advancements in digital technology are often a catalyst for reputational risk, we might also see a greater number of technologists appointed onto boards. Accenture recently reported that only 6% of board directors and 3% of CEOs of leading banks have professional technology experience.
Imogen Allen-Back is an expert in corporate reputation management at Pinsent Masons, the law firm behind Out-Law.com