Social Media

Facebook's PR Crisis Is a Mess of Its Own Making

Transparency is the best policy for one simple reason: The truth always comes out.


Photographer: Daniel Leal-Olivas/AFP/Getty Images

Facebook is dealing with one of the biggest crises in its history this week, after it admitted on Friday that it has known since 2015 that Cambridge Analytica, a consulting firm that worked on Donald Trump’s presidential campaign, improperly accessed data on 50 million of its users. On Monday, the company’s stock experienced its largest decline in four years; the social media giant lost a staggering $37 billion in market value in one day. The incident intensified on Tuesday, with Democratic and Republican senators calling on Facebook CEO Mark Zuckerberg to testify before Congress, and Bloomberg News reporting that the Federal Trade Commission is investigating whether the company breached a consent decree. The European Union is also investigating. The founder of WhatsApp called on users to delete Facebook. And it’s only Wednesday.

Facebook's Zuckerberg Outlines Steps to Protect User Data

The company’s executives are reportedly worried about how all of this will affect their personal reputations -- and they should be. Much of this damage has been self-inflicted.

The poor judgment Facebook exercised in handling this matter is mind-boggling. As anyone with even a small amount of experience managing crises could have told the company, the worst decision an organization can make in such a situation is to stay silent. If Facebook had disclosed what it knew as soon as the problem occurred and then followed up with steps to protect user privacy, it could have resolved the issue without outside interference and the financial and reputational losses it’s now experiencing. Instead, the incident has spiraled out of Facebook’s control.

There’s a simple reason why disclosure is the most effective strategy in a crisis: The truth always emerges. In the U.S., even classified government documents are regularly leaked. So a company facing a problem has two choices: to admit what happened immediately and ideally get some points for being transparent, or to try to cover things up and later be blamed for both the initial problem and the subsequent deceit. That’s why any good crisis expert will tell an organization to fess up about everything as soon as possible. It will face an initial round of negative media coverage. But if the company has truly come clean and then works to fix the underlying problem, the media will be left with nothing more to report. It’s the fastest and easiest way to make a problem go away.

By contrast, Facebook waited three years to disclose this incident. That’s what has led to so much outrage and so many investigations. If the company had immediately announced the breach, lawmakers and the public would still have had a lot of questions about how it protects user data. However, Facebook would have avoided the charges of secrecy that have now led so many people (including me) to question its underlying values.

One reason Facebook may have decided to withhold the information for so long is that it was trying to figure out how to prevent such episodes from happening again. However, companies don’t need to resolve a problem fully before they disclose it. Helio Fred Garcia, president of the Logos Consulting Group and author of “The Agony of Decision: Mental Readiness and Leadership in a Crisis,” says that a company determining how to address a crisis should ask itself this question: “What would reasonable people appropriately expect a responsible organization or leader to do when facing this kind of situation?”

Reasonable people wouldn’t expect a company that just learned that its data has been improperly shared to have developed a full plan within minutes to prevent such a situation from recurring. They would, however, expect the company to be transparent, express remorse, pledge to take action to prevent the problem from happening again, and follow up with an announcement about what it was doing to solve the underlying issue. If Facebook had done this, it wouldn’t be dealing with the mess it’s in today.

What’s more, such a strategy would likely have allowed the company to determine how to solve the problem itself. If Facebook had quickly implemented measures to better protect the privacy of its users, it would have been unnecessary for lawmakers to step in and mandate them. Self-designed solutions would almost certainly have been more palatable to the company than the kinds of changes now likely to be imposed from the outside.     

That strategy is still the company’s best bet now -- even though it will continue to suffer massive reputational damage for its delay. The fact that Zuckerberg and Chief Operating Officer Sheryl Sandberg have stayed silent until now suggests, astonishingly, that they still haven’t learned this rudimentary lesson. Zuckerberg will reportedly speak over the next 24 hours. According to Axios, the delay has been because “he wanted to say something meaningful rather than just rushing out.” But of course, it’s been deeply damaging for him to let others speculate about his thoughts for the past five days, rather than making a statement himself about this problem he has apparently known about for three years.

It’s no surprise that Facebook stock plummeted. Leslie Gaines-Ross, author of “Corporate Reputation: 12 Steps to Safeguarding and Recovering Reputation,” writes that 63 percent of a company’s market value is attributable to its public image. If Facebook had following basic, well-established principles of crisis communications, it wouldn’t now be dealing with a full-fledged catastrophe that is mostly of its own making.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

    To contact the author of this story:
    Kara Alaimo at

    To contact the editor responsible for this story:
    Tracy Walsh at

    Before it's here, it's on the Bloomberg Terminal.