If there is one lesson to be learned from the recent string of media revelations, from US government whistleblowers to NHS ‘cover-ups’, it has to be this: There is now no aspect of business that can, or should, be considered confidential.
Whatever you think may be secret, it isn’t. No matter how private they may seem, emails, internal memos and even telephone calls must be treated as if they are already in the public domain.
Google, Facebook, Apple and the other technology giants discovered their most secret dialogue with US government officials on issues of high national security could be splashed all over the world’s media within 24 hours. They have been playing catch-up ever since, with varying degrees of success.
Here in the UK, an independent review revealed senior officials at the Care Quality Commission (CQC)
suppressed a report on serious failings at an NHS Trust. The attempt to keep that information secret has resulted in public humiliation for the CQC, and may threaten the organisation’s survival in its current form.
This is the end of confidentiality, giving rise to a new era of full disclosure, and it has serious implications for major private and public sector organisations. The conclusion we have drawn is that there needs to be a complete overhaul in the way corporates manage the issue of disclosure, in order to minimise the business risks arising from electronic data leaking to the outside world in one way or another.
The traditional model of crisis management – having systems to manage crises once they occur – is seriously outdated. Corporations should move from crisis management to crisis prevention. They can do it in the following ways:
1. Corporate affairs teams need to be integrated fully into the risk management function of an organisation. Within every corporate affairs team, there should be a reputation risk manager, whose job is to burrow into the darkest corners of his or her organisation, looking for the answers to the critical question: What will happen if this enters the public domain?
2. Corporates need to rethink their policies on disclosure to get ahead of the next crisis. At the present time, the prevailing model is that companies tend to disclose only information they are required to do by law. And then it is buried in small print. This is a Stone Age approach to disclosure. Instead of asking what they have to disclose, companies should consider what information ought to be made public voluntarily because it will cause reputational risk if it leaks out; or it touches on areas of public concern, and therefore should be published as part of a modern, responsible business strategy.
3. Employees should never have the sense that they work for an organisation that is deliberately ‘covering up’ information. Human resources policies can be modernised to encourage all stakeholders to express their concerns on issues of confidentiality, disclosure and the public interest. Internal whistleblowing should be encouraged. Even one or two individuals who feel disaffected and ignored can cause tremendous damage to the organisation, if they feel the only channel for expressing their anxieties is to leak information.
Large corporates must fight the natural instinct to resist more openness and disclosure, even if it results in short-term negative commentary. In an era where the concept of privacy is starting to lose any real meaning, the alternative could end up being much worse. Conversely, companies that embrace the era of full disclosure will be able to stay ahead of the next crisis.
Andrew Escott is MD of corporate affairs UK and Geoff Beattie is global leader of corporate affairs at Cohn & Wolfe
Views in brief
What is the most likely reason for a crisis plan failing?
Once firms come under the spotlight, this often triggers further revelations
that can be unrelated. These illustrate why companies can no longer view contentious issues in isolation. If this area comes under scrutiny, what else can?
How useful is a trade association in a crisis?
Trade associations are essential, not only as a first line of defence but also to formalise a voluntary approach to fixing the problem. However, just because you pay the trade association, do not neglect to build these relationships in advance.