This issue of Communication Command contains an interview on crisis communication and data breaches as well as a TV interview script concerning crisis communication and the NFL domestic violence crisis. We hope you will enjoy reading our e-Newsletter.

September 2014
IABC Southern Region
C4CS® Senior Partner Dianne Chase recently attended IABC Southern Region's board meeting in Texas. Dianne (front row, center) completed her term as Chair of the International Association of Business Communicators' Southern Region in the summer and continues to serve as a board member. She will attend the regional conference in Austin, Texas, in October. The conference website can be accessed via this link.

Conference Champion
C4CS® will be a Conference Champion at the 2014 Emergency Preparedness and Hazmat Response Conference. Please click here to view the conference website.

Interview on NFL Crisis
C4CS® Senior Partner Dianne Chase was recently interviewed by Time Warner Cable News Charlotte in regard to the NFL domestic violence crisis. She called on the NFL to establish an unequivocal policy on domestic violence. The interview script has been included in this newsletter issue and can also be viewed on the station's website.

Our next e-Learning course on 'Harnessing the Power of Social Media in Crisis Management' will be conducted November 3 through November 14, 2014. Congratulations to those who completed the course work and obtained a Certificate in Social Media Crisis Management Planning accredited by ICOR. The course brochure can be downloaded via this link.
If you have questions concerning our e-Learning course, please contact us at

Communication Command e-Newsletter
Please click here if you would like to access past issues of our e-Newsletter.

Five Questions about Crisis Communication and Data Breaches

Matthew H. Meade is an attorney and shareholder at Buchanan Ingersoll & Rooney PC, which is based in Pittsburgh, Pennsylvania. As co-chair of the firm's Cybersecurity and Data Protection Group, Matt provides advice regarding data security breaches, information and records management, and other areas regarding privacy.

Matt Meade

In recent months, a number of well known companies from various industries have experienced the loss of confidential information due to data security breaches. In many cases the resulting negative impact on brand equity, reputation and the bottom line is significant. In what way are you involved in preparing corporations for managing the loss of sensitive information?

We stress to our clients the importance of being proactive in connection with data security rather than being reactive. One of the best ways to accomplish this goal is to conduct comprehensive data security training. Through training an organization can build a culture of compliance where all employees understand the importance of protecting and securing data.

Another way to be proactive and build compliance is to conduct a breach exercise or table top. In much the same way organizations conduct fire drills, running through a response to a hypothetical breach can be a great way to test the breach response team and to see the level of preparedness of the organization.

How do you help clients that must respond to the loss of sensitive information following a data security breach?

Here in the United States, 47 states currently have breach notification laws. Coordinating a response to a multi-state breach can be a complicated and time consuming effort given the nuances in the state laws. We take a holistic approach to a breach because responding to a breach is far more than just a breach notice. First, we work with clients to identify impacted customers, the state residency of those impacted, which states require notice to attorney generals or other government officials and the timing requirements of the notice. Once we notify the individuals, we turn our focus to a post breach security assessment.

Remediation is a critical component of any breach response. For example, a manufacturing client experienced a breach involving employee data. As part of our breach notice we informed the employees that the company was updating its polices on privacy-related issues, including implementing a Written Information Security Program (“WISP”), as required under state law. The WISP is a comprehensive policy that sets forth technical, administrative and physical safeguards for protecting data. We also conducted privacy training for all employees. Finally, we helped the client with an examination of its processes that led to the breach as well as the delay in employees reporting the incident. We often learn that the record or records at issue in data breaches are legacy documents that contained information such as Social Security numbers even though no legitimate business reason existed for maintaining the record in its current format.

The number of consumers that mistrust companies when it comes to safeguarding their personal information is increasing and many consumers and employees complain that they are not openly communicated with in regard to the security of their personal data. Do you agree that a lot of companies need to improve their internal and external communication in connection with the loss of sensitive information?

Consistent and accurate messaging is essential to any breach response. A company that delivers multiple inconsistent messages to the media and, more importantly, its customers is asking for trouble. In addition, the accuracy of breach notifications is absolutely essential. An inaccurate or misleading breach notification can create negative publicity and potentially lead to litigation. 

I often tell clients to put themselves in the shoes of the individual whose information was compromised when drafting the notice. Breach notices must be written clearly and in a way that the reader understands that he or she is receiving notice of a breach and not a complicated legal document. Also, a great deal of care and planning needs to be devoted to developing FAQs which respond to questions about the incident so that the company can handle customer calls or media inquiries consistently and in an understanding manner.

Is it important to have a communication strategy in place before a data security breach occurs?

We tell clients that having a communication strategy in place in advance of a breach is a critical part of any incident response policy. No party that experiences a breach should have the added pressure of having to find a crisis communication firm while also dealing with the intense pressure associated with a breach.

The communications team must be a part of the incident response team and work closely with management to coordinate efforts in connection with the breach response. If an organization stages a haphazard and not fully coordinated response to a breach, it runs the risk of losing customers and irreparably damaging its reputation.

Have you been involved in the response to data privacy crises that could have been avoided with better internal communication concerning data privacy issues?

Yes, I have. With rapid growth and success many companies move forward without carefully considering privacy implications and the concurrent development of appropriate policies and procedures designed to secure and protect data. As a result, employees’ focus on privacy is often lax or nonexistent. Employees may not know what to do if a mobile device or laptop is lost or stolen. Employees may not be aware of the risks associated with thumb drives, downloading apps to company mobile devices or even how to properly discard sensitive records with personally identifiable information.

Creating awareness through training and strong policies is a step in the right direction. Coordination of IT’s efforts with legal and compliance teams also can be a great help. To create a culture of compliance a collaborative effort across the organization is needed. Making sure that senior management is aware of privacy issues and committed to efficient solutions helps to create awareness. Organizations should consider adding a privacy and security component to employee reviews so that the employees understand the importance of the issue and the relationship between privacy and being an effective employee.

TV Interview on NFL Domestic Violence Crisis

C4CS® Senior Partner Dianne Chase was recently interviewed by Time Warner Cable News Charlotte (@TWCNewsCLT) in regard to the NFL domestic violence crisis. She called on the NFL to establish an unequivocal policy on domestic violence. The following interview script and the corresponding video clip are available on the station's website.

Hardy's Leave Hits in the Middle of NFL's PR Problems

CHARLOTTE— Greg Hardy's empty locker is just another casualty of a scourge in the NFL. Hardy is going on voluntary paid leave while sorting out domestic violence charges. GM Dave Gettleman called it a trying and difficult situation on Wednesday. “We have attempted to be very thoughtful and intentional about this, but there's no rule book for this guys,” he said.

“So the question becomes, 'Why not?'” said crisis communications expert Dianne Chase. Chase was one of several PR professionals calling the NFL's actions “fumbles” after the announcement and the arrest of Cardinals player Jonathan Dwyer within the same day. “Do you need to go to a guide book to see what is the right thing to do? If it were your spouse, if it were your daughter, if it were your sister?” said Chase.

The Panthers and the league are under increasing pressure. Two of their largest sponsors, Anheuser-Busch and Pepsico, blasted the NFL's handling of the cases this week. A statement from Anheuser-Busch read in part: “We are not yet satisfied with the league’s handling of behaviors that so clearly go against our own company culture and moral code.”

“I am deeply disturbed that the repugnant behavior of a few players and the NFL's acknowledged mishandling of these issues is casting a cloud over the integrity of the league and the reputations of the majority of players who've dedicated their lives to a career they love,” said Pepsico CEO Indra Nooyi on Thursday.

“Their reputation really is being seen as winning at all cost and just ignoring the reality of some of the situations,” Chase said. But can they fix it? Drew Porcello of Pivot PR said yes. “Something we tell our clients is 'Tell it fast, tell the truth and tell it as quickly as you possibly can.'” The league has work to do on that front.

Fifteen minutes into the Panthers’ news conference Wednesday, coach Ron Rivera lamented people calling secretaries at the stadium criticizing his decisions. He appeared to grow frustrated, saying, “I make decisions that are in the best interests of this organization. So don't ever forget that, OK?” He then walked away.

“If you seem discouraged, angry or defensive, people can take that the wrong way,” said Porcello. He said distractions like that can make you look unprepared and give your audience the wrong messages. “They think that there may be some underlying stories behind it, that you're not telling the truth,” he said.

The league has acted in some measure. The NFL has assigned a special investigator to Baltimore player Ray Rice’s charges. They’ve also implemented a two strike policy with a six game suspension for a first incident. But they've not intervened in multiple other cases. The Panthers said Hardy will be on leave until at least mid-November.

Chase said if the league wants to survive, this is an opportunity to tackle off-the-field behavior with a no-tolerance policy. “But they can't waiver,” she said. She said words are no longer enough, that they need to “walk the walk.”

If you have any questions concerning this interview transcript, please contact us at We look forward to hearing from you.
Food For Thought

"Do everything you can to prevent data breaches,
but also fully plan out how you will respond
if you are breached.
Today’s media and business environment
demands that two-pronged approach."

Brian Lapidus

Copyright © 2014 C4CS, LLC. All rights reserved.

Leaders in Strategic Communication
and Crisis Management