It’s a nice spring Friday morning. You arrived at the office earlier than usual and are settling into your chair with a big cup of coffee. You are expecting a slow day and want to catch up on some legal articles and other administrative items and then hopefully leave early to get a head start on a peaceful weekend. Then the phone rings. It’s the CEO and she is very upset. Someone has posted very negative and untrue things about the company on a consumer complaint website and she wants you to do something about it. Now. Then your instant messenger box pops up. It’s the head of HR and she’s asking you to call her immediately because an employee has just tweeted something “really stupid” on the company’s Twitter account and it’s about to blow up in the media and she needs your advice ASAP. At the same time you glance at your email and see “Urgent – someone’s illegally using our trademarks!” in the subject line of an email from Bart in marketing. You put your coffee mug down, rub your face, and realize you are not going to be heading out early or catching up on any articles today.
While the early morning “perfect storm” scenario described above is unlikely to occur, things can go sideways very quickly when someone launches attacks on your company’s reputation and brand. This is especially true in these days of 24/7 media and the “Wild West” of the Internet and social media. One of the most important jobs in-house counsel has is to protect your company’s reputation and brand. Why? Because customers won’t buy from a company they don’t like, investors do not invest in companies that have bad reputations or cannot protect their brands, and employees do not want to work for a company they don’t feel good about. If it’s bad enough, a hit to the brand or reputation can cost the company multi-millions of dollars. This edition of Ten Things will discuss steps you can take now to prepare for and defend against attacks on your company’s brand and reputation.
- Set the right tone at the top. You’re probably tired of hearing this but it’s true: Everything about reputation and brand starts at the top. How the C-Suite behaves and acts will roll through the entire organization. If your executives do not cut corners and do not play loose with the rules, odds are very good that the organization generally will not do so either. This means counseling senior management to take every opportunity (town halls, staff meetings, emails) to communicate and emphasize to employees how important it is to act ethically and to be vigilant as to how their behavior can negatively impact the company’s reputation and brand. You don’t need to be “preachy” about it, but the legal department should help lead the way here both with respect to coaching senior management and with helping employees understand the rules of the road via messaging, training, and real life examples of how company reputations can be damaged quickly (see, e.g., the New England Patriots). As the quote goes “It takes 20 years to build a reputation and five minutes to ruin it.”
- Protect your company via trademarks, copyrights, and domain names. There are many ways to protect the intellectual property of the company, e.g., patents, trade secrets, etc. But, when it comes to brands (names, marks, or content) the two most important are trademarks and copyrights. You should have a solid strategy in place to apply for and maintain both. The same is true for licensing any of your marks. With respect to trademarks, it is important you ensure that your employees (and licensees) are using the marks properly. A failure to do so can result in your company losing the mark as diluted or as generic or abandoned. Regarding domain names and company websites, watch out for cyber-squatters and spoofing. In addition to taking various avenues of legal action, consider buying up the variations and common misspellings of the company’s domain names so those cannot be used by a competitor or someone looking to harm the company. Recently, many companies have begun buying the domain name extension “.sucks” so as to prevent third parties from using it to create a website featuring negative comments and stories about the company. Similarly, if someone is spoofing your website or email, you need to move quickly to stop it, including working with law enforcement, contacting the domain registrars and ISP providers immediately, and putting a notice on your actual website (and other channels) to warn customers about the fraud. You should have your process (e.g., who to contact) to stop cyber-squatters and website spoofing already laid out in advance of any problems.
- Have a robust social media policy. Today every company should have a social media policy and make sure its executives and employees are trained on its provisions. At a minimum, you need to set out the rules for your employees using social media on behalf of the company or using their own personal accounts to discuss issues related to the company. A social media policy should cover, among many other things, expectations around posting content that can be misconstrued. Enthusiasm is great, but undirected it can cause major headaches. As an example, some of you may recall this recent Tweet from a Houston Rockets employee (using the official Houston Rockets Twitter account) as the Rockets closed out its opening round NBA playoff series against Dallas:
While it was done as a ribbing of the Dallas Mavericks (and I am a huge Mavericks fan who took it exactly that way), it was not well received by the general public. The employee was fired and many lessons were once again learned about how humor does not always translate well outside the walls of the company. There are many other examples out there that you can use to train and remind your own employees about the risks of a poorly worded or poorly thought out Tweet. Remember, however, that your social media policy must make exceptions and be clear around what employees may write on their personal social media accounts about the company so as to comply with recent guidance from the NLRB. Here are some examples of top-notch social media policies.
- Monitor the Internet and social media. Having a social media policy is great, but in order to protect your company you need to develop a systematic way to monitor the Internet and social media for attacks. This can be done in legal or in marketing or in corporate communications. The key is to have someone responsible for checking the Internet and social media every day and making sure that all employees know where to go in the event they see something on the Internet or social media that is potentially damaging to the company. One easy (and free) way to monitor things is to create a Google Alert , Bing Alert, Yahoo! Alert, or Twitter Alert and put your company’s name or a particular product or whatever it is that you want to monitor as the keyword that trips an alert being emailed to you.
- Be aggressive in defending your reputation and brands. If do see your brand or reputation being attacked it is important to not sit back and let things play out. You need to take some action immediately. Being aggressive, however, does not mean you have to be in attack dog mode from the get go. Most in-house lawyers have gotten a “nasty gram” from another company’s legal department or law firm complaining about this or that. Often you think “if they had just called me and been nice we could have solved this in five minutes.” Instead, a nasty letter or email usually results in an equally nasty or snarky response. And then it can be off to the races before cooler heads prevail. A great example of a company that was aggressive in terms of being proactive but also thoughtful about how its actions may be portrayed in the media/publicly is the Jack Daniel’s company. In 2012 they saw an author using something very similar to their distinctive trademarked Old No. 7 label on the cover of his book.
Instead of blasting off a legal bazooka, the in-house attorney stole a line from the movie “Road House” and was “nice.”
Not only did the nice letter (click on letter to enlarge) solve the problem without further effort or expenditure by the company, it helped foster the brand of Jack Daniel’s in a positive manner. It is also a reminder that whatever “cease and desist” letter you send out will likely find its way online. And sometimes that is not a good thing. In fact, you may make the Hall of Shame.
- Escalate problems and follow through solving them. In your role as in-house counsel, you will be in a unique position to see things (programs, ideas, actions, investigations, etc.) that could turn into something very bad for your company’s reputation and brand. Generally, you will not need to depend on your legal training to spot these issues. Your degree from the College of Common Sense will tell you when something needs to be explored more deeply and when you need to escalate a problem. Once you escalate a serious problem, follow through to make sure something has been done to solve the problem (or if not, why not). The best recent example of this (and one you can use as an example of why you need to follow up on problems) is the controversy involving General Motors and cars with faulty ignition switches which has led to numerous deaths, a billion dollars in recalls, over $35 million in fines, an as of yet unknown amount of civil damages from dozens of lawsuits, and a very dark black eye on one of the most respected and revered American companies. There is a lot to the story and many points of failure, but to keep it simple here is the part I found most disturbing: the lawyers in the GM legal department knew about the problems in 2004. No one told the General Counsel about the problems until 2013. If you are the General Counsel, you must train your team and foster an atmosphere where serious problems (e.g., deaths of customers) make it to your desk immediately. Had the General Counsel known of the problems back in 2004, the investigation or remedial steps taken may have been different and more timely and GM’s reputation (and economic health) could have taken a much smaller hit.
- Build a “reputation” response team. You cannot do any of this alone, either as an individual attorney or as the legal department. It takes a broad group of individuals and cross section of business teams and staff groups to handle a serious problem with respect to reputation and brand. As always, you should be proactive and thinking ahead as to what the response team should look like, who should be on it, and what its charter should be, before there is a problem. If you try to create the team on the fly during a crisis you will find yourself seriously behind the curve. Your response team should include: senior business leaders, legal, corporate communications, investor relations (if publicly traded), marketing, and human resources (in case the problem involves actions of an employee). All of these folks should be identified in advance and trained before there is ever a need to use the group. From the outside you will likely want to identify a reputation management expert and outside counsel you would use in case of a serious problem. Create and maintain a list of everyone and their various contact information and distribute it to team members. All of the C-Suite should be briefed on the response team and know who to contact if there is an issue. The Board of Directors may need to be briefed on the response team and its function as well.
- Institutionalize your social media accounts. You must ensure that the company owns and controls all of its social media accounts and has a process in place to ensure transition of responsibilities, passwords, list of accounts, etc. as employees come and go into roles involving the use of these accounts. Given the relative newness of social media, many company social media accounts are in the name of the individual who set them up and/or is in charge of social media marketing. There are many stories regarding employees leaving a company and taking the Twitter or Facebook accounts (dedicated to promoting the company) with them. Ask yourself this: Does legal know who owns all of the company’s social media accounts? If the answer is ‘no’, it’s time to take action. Be sure your social media policy clearly states that all such accounts are the property of the company and that the employee must turn over the account, passwords, etc. when departing the company.
- Know when to speak out/when to keep quiet. All companies need to know when it’s time to speak out to defend their brand and reputation, and when it’s time to stay silent. This is more art than a science. Still, if there is major negative publicity about your company, you need to say something. It is important, however, to know when to stay quiet or not overplay your hand. First, you do not want to get ahead of the facts. For example, Blue Bell Creameries has dealt with several fits and starts as the facts have trickled out about listeria in its ice cream, with each day adding to new revelations about what Blue Bell knew and when did it know it. Similarly, if a customer or blogger has unfairly attacked your company, do not engage in a “give and take” with that person as that will only keep the story alive and, most likely, increase the ranking of the story in search engines. Instead, there several things you should and should not do including: a) posting your side of the story on your own website. This will allow you to control your story — including making corrections or additions as needed — and will not help increase the ranking of the negative comments in search engines, b) contacting the web site about taking down the false complaint or at least allow you to dispute it on the site. If the latter, keep your rebuttal short and do not raise to the bait if the complainer posts a response, and c) if the complaint is showing up in the top 10 to 20 search results about your company, consider pushing out or creating more positive content about your company (stories, press releases, announcements, customer testimonials, etc.) so that search engines pick up that side of the equation and you potentially push the defamatory material lower in the search results. You corporate communications team will be invaluable here.
We’ve only scratched the surface regarding ways to protect your company’s brand and reputation. As always a big part of what you should be doing now is planning in advance of a problem. Legal should take the lead in getting the process underway or, if there is such a process in place already, ensuring that it works as planned and that time is spent every year keeping it current. If you do that, you may just be able to enjoy that Friday morning cup of coffee!
May 15, 2015
(If you find this blog useful, please pass it along to colleagues or friends and/or “Tweet” it. “Ten Things” is not legal advice or legal opinion. It is intended to provide practical tips and references to the busy in-house practitioner and other readers. You can find this blog and all past posts at http://www.TenThings.net or www.sterlingmiller2014.wordpress.com. You can follow me on Twitter: @10ThingsLegal)