Friday, February 23, 2007

JetBlue Lives Its Own Valentine's Day Massacre


For JetBlue, it must have seemed like the second coming of the infamous St. Valentine’s Day Massacre when Al Capone knocked off seven of Bugs Moran’s men.

February 14, 2007 will likely go down as the worst day in JetBlue’s history. Thank God no one was hurt in this mess.

I guess one can give JetBlue Airways president David Neeleman some credit: within a couple of days, he stepped up and took responsibility for the stunning meltdown his airline experienced in New York City and around the country.

Taking a page from the current playbook on crisis management, Neeleman, his voice cracking a bit, told the national news media he was “humiliated and mortified” by the massive breakdown that hobbled the airline’s operations for nearly a week.

He then pledged to institute a voucher system that would increase in value according to the length of the delay. The airline has also unveiled a “customer bill of rights” that will compensate passengers for slip-ups and ensure that they don’t find themselves trapped for hours on planes waiting to take off or trying to return to a gate.

Crisis experts – me included – can probably agree that by taking the bull by the horns Neeleman and his low-cost carrier will stop thousands of customers from defecting to other airlines. In today’s business environment, admitting mistakes has proven effective in rebounding from a crisis.

On the other hand, JetBlue gets an “F” for not having a crisis/operational management plan in place that could have avoided this fiasco in the first place. Shockingly for a CEO, Neeleman admits as much.

He told The New York Times his company had an emergency control center full of people who didn’t know what to do. Why weren’t they better prepared and sufficiently trained?

There were flight attendants sitting in hotel rooms for three days who couldn’t get in touch with their own company. Where was the communications protocol?

In a revelation that really stings, he admitted pilots were emailing him and saying, “I’m available, what do I do?” Why couldn’t he answer?

Neeleman said the crisis, which led to about 1,000 cancelled flights in five days, “…was the result of a shoestring communications system that left pilots and flight attendants in the dark…” Isn’t this confirming a major failure on management’s part?

Penny-Wise, Pound Foolish

While it’s going to take a while to determine how much business JetBlue loses down the line, the immediate costs are staggering. On network television, Neeleman said the tab to reimburse passengers could cost the airline $30 million or more.

Wall Street will also likely punish the stock in the short-term. The damage to JetBlue’s brand is also likely to be huge. Some customers are already grumbling “they’ll never be back.”

One can speculate what would have happened if JetBlue had spent $1 million on a rock solid crisis management and training plan that could have been deployed at a moment’s notice.

Most CEOs I know would be happy to spend a million to save 30 times that, but surprisingly few CEOs are willing to invest the necessary resources to institute the right crisis avoidance policies and procedures.

In many crises, outsiders like myself often have to speculate what kind of contingency plans a company has in place. For the most part, these plans are highly confidential and only signed off on by top senior management.

This case is different.

The CEO himself admits JetBlue had neither the people or the plans in place to deal with a perfect storm like the one that hit on Valentine’s Day. Candor was the only way out.

A media darling for most of its seven-year existence, JetBlue now finds itself in the cross hairs of its employees, customers, the FAA, airport personnel, consumer advocates and Congress.

This episode once again proves that strategic communications and crisis management plans are fast becoming the model that American businesses must adapt to survive in a crisis and retain brand and management integrity.

Increasingly, institutions are being judged not by the crisis itself, but by how the crisis is managed. Time and time again, we are witnessing major business crises in which institutions seem unprepared for the worst.

Time will tell if JetBlue becomes the poster child for how not to do it. Meanwhile, the crisis management planning business just got a major shot in the arm!

Joe M. Grillo, a senior vice president at Nicolazzo & Associates, contributed to this blog.

Tuesday, February 20, 2007

Security Breaches: Lack of Communication is Giving Consumers the Shaft

Has anyone noticed a disturbing pattern in security breaches at major U.S. companies?

Due to slow – and even deliberate – delayed communications, consumers are getting the shaft.

The most recent case flared up in mid-January when TJX Cos., a Framingham, Mass. retailer that runs T.J. Maxx, Marshalls, Home Goods and other stores, disclosed a data theft that exposed millions of customer credit and debit card numbers.

Like several past instances, consumers were NOT notified right away. In the case of TJX, the company waited about a month. A couple of years ago when Bank of America had some computer tapes stolen, it waited two months to notify customers.

Even the U.S. government waited several weeks before disclosing someone had walked off with a government-owned laptop containing Social Security information for 25.6 million U.S. citizens.

Corporate executives, government investigators, and legal counselors have been postulating that the communication gap exists because it gives the authorities time to catch the bad guys.

This may sound good on paper, but it doesn’t do much for the consumer.

I’m in agreement that the ultimate objective is to catch these thieves and throw the book at them. However, companies are bucking a clear trend: the customer (in this case the consumer) comes first.

Take a closer look at the TJX case.

According to a report in The Boston Globe, a New Bedford, Mass. city employee said $6,700 in charges suddenly appeared on his Visa card in January of 2007. It’s the same credit card he used while shopping at a T.J. Maxx store last December.

Does TJX really think it utilized the right communications strategy by waiting a month to tell this consumer about the breach? If you were this shopper, what would you think about TJX?

Could it be that TJX did not want to announce the breach in December because it would have severely impacted its Christmas sales?

My 30-plus years experience in strategic communications tells me this dynamic must change.

By waiting to tell the consumer about breaches, companies are risking major damage to their reputations and brands and even a substantial drop in sales.

While it’s true that banks and other credit card issuers usually pick up the tab for bogus charges, there is still a huge psychological impact on the consumer. People whose personal data is stolen feel violated.

It may be gradual, but the American public is going to stand up against this behavior and demand to know right away that someone has stolen their financial data. At some point, it seems logical that consumers will organize boycotts against companies that compromise their personal data.

To make matters worse, some companies are making security breach announcements without solid contingency communication plans in place to deal with the fallout.

At the risk of picking on TJX, the company seemed disorganized when the story broke. People complained that they got the run-around from customer service hotlines and the CEO was unavailable for comment.

Finally, after more than two weeks, the company took full-page ads in newspapers saying that it was sorry for the inconvenience to consumers and it was doing everything in its power to correct the problem.

If the company had a good contingency communications plan in place, it would have called for a letter like this to be written within a matter of days. Why wait? It looks like the company is hiding something.

I believe there is an Rx to contain – and even fix – this problem. It involves work on the front end and the back end.

On the front end, organizations holding the data need to build more secure systems to protect consumer information. This will involve more capital spending on encryption, security software, and other various IT tools.

On the back end, state and national political leaders need to introduce legislation that compels companies to notify consumers within five days of a security breach. There will be opposition, but it’s the right thing to do.

Meanwhile, all of us continue to hold our breath until the next security breach is announced…and we wonder if our financial data will be compromised along with our credit standing and privacy.