Although less politically explosive than its predecessor, 2017 was no stranger to scandals. Between the ruined reputations, expensive lawsuits and criminal investigations, there are lessons to be learnt and consequences to prepare for. In this article, we reflect on what to take away from the biggest issues in crisis and reputation management over the past year, as well as the developments to expect in 2018.
1. The Beckham leak: why cybersecurity remains vital
2017 got off to a bad start for David Beckham, whose emails to his PR advisers were hacked and published, despite attempts to use an injunction to supress them. Although the emails were obtained by criminal means, the incident was nonetheless highly damaging to Brand Beckham. Stories in the press reported on his embarrassing outbursts about not having received a knighthood, as well as harmful remarks about his work as a Unicef ambassador.
Beckham was not the first high profile individual to be hacked and he certainly will not be the last. However, his story is a timely reminder that cybersecurity is vital to all individuals and organisations when they seek to protect their privacy and reputation. Writing in PR Week, Mike Patrick warned, "it is now accepted that corporations should be prepared for 'when', not 'if' they suffer a cyber-attack. High-profile individuals and those that act for them should operate on the same lines." This preparation involves more than up-to-date and comprehensive protection: it should also include awareness about the risks of online communication. A sensible resolution for 2018 would be to think carefully about what you send or post online.
2. Jack Monroe v Katie Hopkins  EWHC 433 (QB): social media is a serious matter
2017 was a disastrous year for Katie Hopkins. In May she was fired by LBC, and in November she lost her column in the Mail Online. Before that, in March, she was ordered to pay £24,000 in damages plus what were undoubtedly significant legal costs for defaming food blogger Jack Monroe on Twitter. Ms Monroe sued Ms Hopkins for tweeting that she had vandalised war memorials. Hopkins later deleted the tweet, but she refused to apologise and posted a second tweet describing Monroe as "social anthrax". Further information about the implications of the judgment can be found in our case summary here.
This was the first time the "serious harm" test under the Defamation Act 2013 was applied to a Twitter case. The court was satisfied that the tweets had caused serious harm to Monroe's reputation, and rejected the defence's argument that Twitter is the "Wild West" of social media and that allegations made on the platform have less credibility as a result.
The case confirmed that the courts continue to take publication on social media seriously, regardless of a user's intention. A new year is a good time to brush up on social media best practice. Before posting confrontational content, users should consider both the reputational consequences and the risk of a lawsuit coming their way. It is also worth remembering that a social media post does not go away simply because it is later deleted.
3. The downfall of Harvey Weinstein et al: the importance of transparency and accountability
The biggest downfall of the year was undoubtedly that of Harvey Weinstein, and while some may have predicted further allegations to follow those in The New York Times, no one could have foreseen the wave of allegations to hit other powerful individuals in the following months. From schools and sports bodies to Westminster and the White House, the impact of the scandal is enormous, as seen recently in the resignation of Damian Green and the removal of Kevin Spacey from House of Cards and All the Money in the World. There are many lessons to be learnt here, but a key question for organisations is whether they maintain a safe and responsible culture. Transparency and accountability are essential, both to maintaining a safe environment and to surviving a crisis. Those accused of sexual harassment will not be alone in receiving condemnation: any company or organisation found to have ignored or tolerated such behaviour is likely to face a crisis of its own. An obvious example from earlier this year is Uber, for whom a failure to deal with sexual harassment allegations is just one of many mismanaged crises which culminated in the resignation of its CEO, Travis Kalanick, in June 2017 and the refusal of TfL to renew its licence to operate in London.
With the #MeToo movement continuing to make headlines, leadership should expect scrutiny and should be willing to demonstrate that safety and wellbeing are treated with the greatest importance within their organisation. Our previous briefings look at the crisis management implications and safeguarding considerations of this crisis in further detail.
4. The Paradise Papers: why tax is now a reputational issue
The leak of the 'Paradise Papers' in November detailed the confidential offshore tax arrangements of an impressive list of high-profile individuals and companies. The implications of leaks of confidential financial information for high-profile individuals are considered in our previous briefing, where we warn of the continued reputational risk of offshore tax arrangements in the information age. Another important message is that tax is just one area of vulnerability. A lesson for high-profile individuals and organisations to take from 2017 is that information leaks are inevitable. Preparation, however, can go a long way in helping to minimise the damage they cause. There will undoubtedly be further data leaks in 2018, and anyone with a reputation to protect should be prepared for this.
5. The Morrisons judgment and the GDPR: why organisations need to prepare for data breach claims
The year ended in a spectacularly bad fashion for Morrisons Supermarket, who became the first employer to be held vicariously liable for a data breach committed by an employee. Although the court held that Morrisons had no primary liability for the breach, the actions of its disgruntled employee were sufficiently connected to his employment to make Morrisons vicariously liable for his acts. Further information on the judgment is contained in our case summary.
Although Morrisons have been given permission to appeal, employers should seriously consider the implications of this judgment. The General Data Protection Regulation (GDPR), scheduled to come into force in March 2018, will place an even greater number of obligations on data controllers, including the mandatory reporting of serious data breaches to those affected. It also facilitates group litigation for data breaches and allows for higher fines to be imposed by the Information Commissioner. Preparing for the GDPR is essential for every organisation, particularly in the wake of the Morrisons judgment, as is reviewing employee access to confidential data.
If you require further information on anything covered in this briefing please contact your usual contact at the firm on 020 3375 7000. Further information can also be found on the Reputation Management page on our website.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, January 2018