top of page
  • Writer's pictureSámano Abogados

Risks of the social networks and handling of crises in companies [02/07/2015]

The involvement of lawyers in the development and implementation of best practices becomes more and more important for the mitigation of risks and handling of crises resulting from daily operations of the companies and above all from social networks, a communication tool used more and more often.

While social networks are great instruments that encourage freedom of expression and are accessible to anyone, if they are not handled correctly, they can be “double-edged swords.” These networks can end up as channels for defamation that can seriously affect the image of our corporations and cause serious economic and legal problems. Therefore, it is necessary that the areas of social communication, public relations, marketing and the “Community Manager” strengthen ties with the lawyers.

First it is important to distinguish between an “Event” and a “Risk”:

“Event”: Occurrence of nature or manmade that can provoke legal consequences. It is defined as an action, work or something that happens and is subject to study and regulation in the different Civil Codes of the Mexican Republic.

“Risk”: is understood as a contingency or the proximity of a damage.

There is a legal theory called the “Created Risk” (art. 1913 of the Federal Civil Code).

The practical point is to analyze how we react in case of a risky event occurring and what we do when these types of events occur and generate certain legal consequences such as damages and different kinds of harms:

  1. Material or economic: which can generate the payment of an indemnity or sanctions that can go from a fine to imprisonment.

  2. Moral: In the case of a person (individual or entity), it may suffer damages in the form of a decline in esteem or public reputation (disrepute).

One of the main functions of the in-house lawyer is the identification of risks that have legal consequences based on the events, to be able to present and anticipate possible unfavorable consequences or to be able to act or recommend how to act in order to produce other events that counteract or mitigate the effect of these risky events.

This is not easy since the greater the complexity of the risky event occurred, the greater attention and time it requires from the people responsible for resolving these matters and greater are the probabilities of committing errors in attending the cases. The key is experience and learning from the experience of others in order to develop common sense and adequate methodologies for the prevention of risks, which should include the following steps:

  • Awareness within the company of the importance of having a culture of prevention. The biggest error that we can commit is to say: “These things don’t happen to us”.

  • Have a team either internal or external duly trained and prepared for crisis management and involve the lawyers, who, based on past experiences, have seen how to resolve these problems. a cost center or a “necessary evil” We are a great asset for the company in the prevention of risks that can avoid greater costs for it.

  • Detect the valuable products, assets and services of the company. What is the source of income? What is the most vulnerable object? What we should protect should be identified and prioritized.

  • Get a head start on the types of problems that commonly occur in the company or in the industry the company is in, in order to generate a methodology of analysis and attention to problems in order to address them at their origin. For example: disrepute of a brand or product caused by dissemination of false information in social networks.

  • Prepare a procedure and policy manual that include Codes of Conduct based on basic and universal values.

  • Generate policies, procedures and standards of protection of the information, using technological tools, materials and personnel that avoid to the extent possible “leaks” or “hacks” of the information of the company.

The ideal is to prevent, but if for certain situations the occurrence of a risk could not be avoided, the following minimum control steps should be taken in order to manage a crisis and address a risky event.

  • Analyze the origin of the risky event and its circumstances of mode, time and place (How, when and where did it occur?)

  • Try to determine the maginitude of the event and its possible importance to third parties through questions and debate (the damages and losses caused, the agents or means involved). “Put yourself in the shoes of …”

  • Ask: if the problem is caused by an error or negligence (of whom?), or was it a premeditated matter or bad faith. Who benefitted and how? Who provoked or could have provoked (with or without grounds, intentionally or accidentally) a contingency situation for the company? Why? What for? This at first just to determine the seriousness of the problem and illuminate how to react and the possible scenarios. Do not make assertions or accusations until having the necessary evidence.

  • Apply “common sense”, seek the most practical, simple solution possible in terms of cost-benefit and “secondary effects” without failing to take into account the ethical questions.

  • Address the “emergency” even if it is with provisional solutions, if the deeper solution is not viable at that time. However, it is very important not to lose sight of the implementation of a substantive solution for the medium to long term; otherwise the crisis could get worse or happen again.

  • Based on the above, determine one or more clear but flexible plan(s) of action, according to the circumstances.

  • Capacity and speed of response (without being impulsive) in addressing the cases and therefore in the handling of the media, analyzing the best moment to issue active or reactive notes in the media, that do not have counterproductive effects.

  • Maintain a Code of Conduct that favors the truth without providing information not requested or unnecessary that could be taken out of context and could compromise the company or organization (don’t say too much or too little).

  • The communication must be clear, precise and consistent with the particular problem.

  • Establish an internal control system of taking notes and review with sequence of times in order to avoid contradictions.

  • Do recapitulations of the situation and of the events from different perspectives, in order to maintain direction in addressing the problem. (“Team- back”).

  • Have a system of reporting to the head(s) of the areas participating in the resolution of the problem. This system must be punctual, precise, and to the extent possible, not include direct involvement of the leaders of the organization.

  • It can be useful to have a spokesperson, either internal to the organization or external, with adequate training be the person who has contact with the press in order to avoid contradictions, differences in opinion and disadvantages that can be counterproductive.


Regarding crisis management resulting from the handling of the social networks, companies, as economic agents, constantly appear in the media and the competition is always looking to conquer the consumer market. In less than ten years, more and more people and companies interact on social network, which are cheap and effective means of mass communication that have no boundaries, but are also almost impossible to control and much less to censure.

Anything that is published on them has an exponential dissemination and the information contained can reach unimaginable quantities of people. This incredible reach can positively promote a brand, but can also represent a risk that could severely affect the image and prestige of a brand, company or organization.

Therefore, it is essential that companies and all organizations have clear guidelines of what can be published and in what form. Organizations should have a “Community Manager” who is responsible for reviewing, thinking about and properly filtering the content that the company or organization publishes on the social networks, and ensuring that the content is in-line with the its philosophy, ideology and ethics, that they do not affect rights of third parties, and furthermore, constantly monitoring the activity of the networks and what other say about such company or organization in the media and how they do it.

Through social networks, it is increasingly easy to freely share, but often information is shared without thinking of the possible consequences: thoughts, opinions, photographs, images, videos, affinities and recommendations. As a result, social media has become an extraordinary advertising tool, but it is also easier to express and disseminate dislikes, complaints and annoyances, (grounded or not) and therefore the social networks require special handling and an integrated training program for the people responsible for managing them.

There are times when the company or organization itself disseminates content in the networks, which, in spite of the “freedom of expression”, for questions of ethics, image and reputation should be vetted to ensure the contents are not: discriminatory, racist, sexist, homophobic, misogynist, obscene, pornographic, against any religion or belief, political, offensive, in violation of the law, in violation of intellectual property rights, affect third party rights, use images or sounds without authorization for use etc. Filtering all these aspects of social media content can be difficult, since if for example the person publishing is a political party, it is likely that the dissemination of its ideas through these media will be interpreted in many forms and taken out of context, above all by its detractors. Even when a publication is made under certain guidelines, many times what in a particular context or for a particular culture may not be offensive, when it is published in the networks, it is feasible that it could be seen in any other part of the world where that content is considered inappropriate.

There are other occasions in which it is not the company or the organization that makes the publication in the networks. There are many “fake profiles” made by detractors or competitors that make publications that seek to discredit a company or organization and cause a reputational crisis in order to obtain an undue advantage or for purpose of extortion.

Often there are people that, out of ignorance or to seem “likeable,” use improper content, images, names or brands to create the famous “memes” that can cause a reputational risk for a company or organization.

According to numerous statistics, only 30% (thirty percent) of these crises are generated by external causes (publications of these crises are generated by external causes (publications of a third party). The rest (70%) result from the lack of professionalism of the “Community Manager” such as: lack of experience, violation of ethical statutes, policies and procedures, malicious employees, unhappy former employees, inappropriate content, artificial or fake content, violation of laws, and unsupported information.

While this panorama of risk does exist, companies or organizations cannot cease to participate in the social networks, but should have certain guidelines and action plans in case of a crisis resulting from these means of communication. This suggests the importance of having a:

  1. Prevention plan

  2. Action plan according to the seriousness of the contingency or crisis.

Normally four degrees of crisis are identified and in function of that these plans of action are designed:

  1. Tranquility.- The crisis can be handled through communication, changes in social networks and with the reinforcement or assistance of allies.

  2. Moderate criticism.- The negative effect can be mitigated by doing an analysis of the crisis, reviewing the composition of work teams and profiles of those involved, reinforcing internal communication and reviewing and updating the crisis protocols.

  3. Conflict.- The crisis is handled by making contact (if possible) with those causing it, presenting results of actions and making official responses in the media.

  4. Crisis.- It is possible that an external assessment is required, the formation of a “Crisis Cabinet”, making other versions of the brand, public apologies, positive feedback from allies, minimization of liability, insurance, guarantees and payment of indemnities.

In conclusion, the legal advice to companies should consider the prevention of reputational risks resulting from a mismanagement of content in social networks that violate laws and ethical principles of the company or organization, which we must know and on the other hand, contribute to the design and implementation of the action plans.

“It takes 20 years to build a reputation and 5 minutes to destroy it. If you think about that you will do things differently.” -Warren Buffet. 1


6 views0 comments


bottom of page