Coupon Accepted Successfully!

Online Reputation Management​
Online reputation management (ORM) has emerged as an important area for IT professionals, managers and consultants. In light of the universal penetration of internet and social media, information (especially bad press) can travel fast and has the tendency to damage the reputation and goodwill of the company. ORM is important not only for businessmen, but extremely relevant for consultants, managers and working professionals, who can provide highly specialized services to their clients and employers with this understanding.

Online reputation management requires expertise and use of technological, management and legal tools. We discuss how legal mechanisms and company policies can be used to complement managerial practices and technological tools in this chapter.

1. Managing online criticisms by customers

The customers are using social media to air their grievances against companies and their products. According to a survey made by AC Nielsen, 67% Indians use web-based survey and reports to make decisions on big purchases. While social media gives customers an open platform to post their grievances, negative information can travel fast and organizations face significant risk from vindictive information, false hoaxes and rumours that are circulated on the internet, whether these are from angry customers, the general public or  any third party. It is quite important for companies to redress the grievances through positive interactions and support, to reduce the negative effects of such posts. Due to nature of internet, any post or criticism made online can become viral and spread quite fast.
  • Monitor the usage of social media monitoring tools: As it is almost impossible to take any pre-emptive step to prevent a defamatory post, it is essential to monitor the internet for your brand. It is essential to know what the consumers, employees and others are speaking about your brand on the internet, in order to contain the damage that such posts might cause, if not checked in time. It is quite important for organisations to acknowledge to customer grievances quickly and if possible on a real time basis.  There are sophisticated online tools like Meltwater, Brandwatch, Trendrr, Hootsuite, Sprinklr, Klout, which can be used to monitor user comments, social media mentions on social media and analyse social media trends. Please check the link to understand the comparative advantage of such software.
  • Be tolerant and react positively: Sending takedown notices is one of the options available to an organization in case of offensive content or violation of copyright on the interne - but that is not feasible for each and every instance. An organisation must have a set policy or practices handling negative publicity.
Possible considerations in such a policy framework could include answers to the following questions:
  • Response strategy that should be adopted. Should the organization adopt an aggressive strategy, or should it escalate a grievance to a senior officer who can speak to the customer and address his or her concern?
  • Is it possible for an organization to take criticism constructively and respond accordingly, instead of defending itself?
  • What should be the process of escalation / investigation of customer grievances?  
  • Are there any guidelines on how the company can delight customers? For example, a frustrated consumer shared his grievances on Twitter regarding non availability of a booked cab on Olacabs, which he booked for his family to visit a birthday party. This post was taken seriously by the management, who responded to the post patiently and a senior level customer care officer called him to tender apology and to understand the whole story. In return, Olacabs sent a cake to the customer’s house along with a personalised message. The whole incident moved the customer to post the experience on a popular startup blog, and turning the negative comment into a positive review.
  • Handling false complaints: All complaints and negative publicity is not the same - in case you are handling false complaints, identify if the place where it has been posted might affect the reputation in long run or it will fade out soon. You might want to adjust your response accordingly – do you want to simply address the grievance publicly or is it so serious that you need to escalate it? In case of serious mud-slinging, organisations may also provide feedback with proof or results clarifying that the allegations are not true. However, in case the posts are made by trolls and are not gaining traction, it might be easier to dismiss them than respond to each post individually.
2. Managing social media usage by employees and ex-employees

Social media has become an integral part of everyone’s life, and it is true for your employees as well. Social media can be used by the employees to interact with co-workers, consultants, contractors, vendors and client as well. It is a challenge for the employees and the employers as well to draw a line between personal use and official use of social media. Studies have revealed that usage of social media by the employees during office hours resulted in lower productivity. In some cases, where the usage of the social media account transgresses the boundaries, it might be problematic for both the employer and the employee. Employee social media posts, even though made using his/her private account in her private time has the potential of going viral and contributing to public relations fiascos or creating false impressions. For example, the employer can be held liable for a defamatory post made from a personal social media account of a CEO. Employers and ex-employers may also indulge in posting defamatory posts about the organisation, which may need to be managed.

Consider the risks presented by the following cases studies:
  1. Jack Dorsey one of the four founders of Twitter who was subsequently not in any effective role on the board of directors (he has since returned to the company), continued to post status messages pertaining to the internal management of Twitter (without being a part of it at all) and behaved as though he was the face of the company, thus moulding public opinion and creating a false impression that he was instrumental in running the show.


Case study: In 2009, two employees of Domino’s Pizza, created a video of themselves involved in unhygienic handling of pizzas and posted the video in YouTube. The post trended in the social media sites and created serious public relations issue for Dominos Pizza. Dominos fired the two employees and also faced felony charges for supplying unhealthy food.


2. In 2013, a server at Applebee’s restaurant posted a photo of receipt of a customer at Reditt, who refused to pay a tip due to religious belief. The post was shared in other social media sites like Facebook and other blogs.

3. Bradford Pedley, an employee with an architecture firm used LinkedIn to send group messages to many people including many of the clients of current employer, stating that he has his private business and willing to work for them. He was terminated from the job for soliciting business from his employer’s clients. The termination was upheld by the Australian Fair Work Commission.

How should these risks be managed? Here are a few steps:
  • Implement a social media and technology usage policy: The law related to employment and social media is comparatively new and is evolving. It is essential that an organisation has a social media and technology usage policy laying down the dos and don’ts of social media and technology usage. A social media and technology policy should essentially lay down the following terms and conditions:
    • The policy should mention whether the policy covers the usage of social media using personal accounts during after office hours.
    • Whether the policy covers only usage of social media and emails on employer owned or provided machine or may extend even to employee’s private technology device used for work purpose.
    • Whether the employer has the right to inspect and search employee’s private technology device used for work purpose.
    • The policy should explicitly list the permitted and non-permitted usage by the employees on social media sites, for example it can include, that the employees should not access social media sites during office hours or in conflict with its business obligations, employees should not engage in communication with customers on social media sites, except without official permission.
    • The policy can also list down other conditions like, the employees should not reveal confidential information and trade secrets about the organisation on social media sites, indulge in unlawful activities, violation of other’s intellectual properties or defame the organisation, employee, customer or its vendors and business partners. It can also mention that when an employee is recommending about the organisation or its policies, it should mention his/her affiliation with the organisation.
    • The policy should also mention the employee’s obligation to maintain privacy of other employees, customers, vendors, business partners on social media platforms. The employee should take permission of the concerned person before posting any post or photos related to them. Employees should not post any information which is abusive, threatening, insulting or obscene in nature regarding other employees, customers, vendors or business partners.
    • The policy should specifically mention that the employees should not create usernames or screen names, which reflects the affiliation of the employee with the organisation.
    • The policy should that it must be read in conjunction with other policies of the organisation relating to non-disclosure, non-solicitation, and non-compete.
  • Have a social media marketing and communications policy: It is important for organisations that they require employees to use separate social media accounts for company activities through a clear social media marketing and communications policy. However, when a senior level employee uses his personal social media account to interact with a client, it becomes difficult to determine who has ownership over such social media accounts. The law regarding ownership of such accounts is still unclear. The organisation should have a social media marketing and communication policy which should contain the following:
    • Identify all the official social media accounts and create a database of the same. The account should be created in the name of the organisation, where creation of an account needs name of a person; one should name some senior level officer.
    • All business communications should be made only through official social media accounts.
    • Identify person(s) who will be responsible for handling such accounts.
    • The account handlers must be trained to handle negative comments, answer to customer queries and how to use social media for marketing promotions, without violating any law.
    • If the social media accounts are used for active business communications , the policy should clearly mention that such account belongs to the organisation and such account must either be handed over to the organisation or it must be deleted. The policy should clearly maintain that the employees should refrain from using the account for personal purpose.
    • If the personal accounts are used for commenting on the business or product, the person should identify his/her affiliation with the organisation and with a disclaimer clearly stating that such opinions are his personal and does not reflect organisation’s view.
  • Create awareness amongst employees: At a managerial level, steps may need to be taken to make employees aware of the policies and the consequences of their violation – which could relate to warnings, more serious disciplinary actions or even termination.


Case study: Phonedog v Noah Kravitz

Phonedog, a technology and mobile review website sued Noah Kravitz, an ex-employee over custody of the Twitter account of Noah. The account whose username was [email protected]_noah” was used by Noah to disseminate marketing materials and review of mobiles. After leaving Phonedog, Noah changed the Twitter handle to “noahkravitz”. However, Phonedog claimed that it has ownership of the 17000 “followers” in Noah’s account and sought damages of $34000. However, later both the parties agreed to settle the matter, and Noah was allowed to retain the account.



Case Study: HMV layoff fiasco

In January 2013, HMV, a British entertainment giant, while decisions to layoff were handed over in the office, a community manager of HMV who was handling the official Twitter account started posting minute by minute update of the whole situation. The event grabbed the attention of social media and popular media.

Other organisations may need to be especially careful about how to manage firing of an employee who manages official social media accounts, it is important to secure control over the account and remind them about their obligations and rights. Social media policies should be drafted in a careful manner to address such incidents.


3. Managing violation of IP rights

An organisation has number of intellectual properties that can be misused by astroturfers and competitors or other person to malign the organisation’s reputation. The most common types of misuse of an organisation’s IP are through creation of fake websites and social media accounts. Third parties might create fake social media accounts and squat upon brand username to mislead the customers into believing that the account is an official or an affiliated account of the organisation, and even may be used for selling counterfeit goods. For example a squatter may register your brand name on Twitter or Facebook and represents themselves as an official page, and then manhandle the account by improperly handling customer queries and complaints, or post offensive messages. In such cases the reputation of the company may be severely affected. Another problem that involves creation of “hate” websites which have the organisation’s or brand’s name in the domain name. Third parties may create certain hate domain names like [brandname]sucks.com or ihate[brandname].com to malign the brand’s name for certain purposes from personal gains from blackmailing the organisation or to garner for support for a cause involving the organisation or to criticise the organisation or its products. For example, one of the passenger of Rayanair created a website called “ihateryanair.co.uk” to criticise the treatment offered by the airlines.

Monitoring: To prevent infringement of trademarks and other IP rights, any organisation should have a strict monitoring policy over usage of trademarks in online space. As discussed above, some of the monitoring tools may be used to identify to find possible infringement. There are sophisticated tools and services to monitor trademark infringement like “Trademark Watch” by Thompson Reuters. However, for smaller businesses it might not be feasible to subscribe to costly watch software. Such organisations can make simple search on any leading search engine like Google, Yahoo or Bing on a regular basis and check social media sites for typosquatting (wrong spelling of the brand name) and variation of other names that can be possibly used to confuse the consumers and public as to the origin of such page.  The in-house counsels or the external counsels should also monitor infringement of trademark in social media and identify whether such pages in any way infringing organisation’s IP right.
Register proactively: Apart from registering the domain names, the organisations should register its brand name as username and possible variants on all possible social media and especially those which have a potential of becoming the game changer in social media marketing. There should be a record of all the usernames and password of each account created on social media. Certain websites like Facebook and Twitter have the facility of marking an account as official or verified profile, which can be used to establish authenticity of the account.  The organisation must register domain names including possible typo-squatting, top-level domain names (for example .net, .org, .in) of the brand name. The organisation might register some common variant of “hate” site domain names to prevent cybersquatting or creation of such hate sites by third parties.  
Prevent negative publicity by infringing other’s IP: Another critical area where the organisation should take help of legal counsel is while selecting a new brand name or trade name. The marketing team and the legal counsel should work together to identify if the selected brand name is available as username on social media sites and whether any existing brand name is “confusingly similar” or can create “likelihood of confusion”  with an existing third party brand name. In case of failure to identify whether there is any existing brand with same name, may prevent the orgainsation from establishing its social media and online presence in an effective manner. Moreover, such violation of third party IPs may result in serious PR fiasco and may affect the brand’s reputation from trademark infringement lawsuits.
4. Managing data breach

In a 2011 survey made by Ponemon Institute revealed that a data breach of customer data diminishes the brand value of an organisation by 21 % and impacts customer purchase preference. Data breaches, violation of customer private data can affect the reputation of the organisation in a long run. Such data breaches are often subjected to widespread publicity in traditional media and also centre of social media discussion. In case of a false rumour, try to identify the original source of such news and consider filing a defamation suit. If someone has “stolen” such information, the company may file either a civil suit for compensation under Section 43 of the Information Technology Act or initiate criminal proceeding under Section 66 of the IT Act. (Read the chapter on “Data security and privacy breach” to understand the legal standards that need to be maintained and consequences of such data breach.) However, when there is a genuine case of data breach, handling such incidents may be difficult. The organisation can take the following steps to mitigate the effect to the reputation of the brand resulting out of such data breach:
  • Have a crisis management plan ready. The crisis management plan should essentially lay down the list of key contact persons who will monitor the whole situation and take important decisions. The plan should also state about the steps and the timelines that would be taken to mitigate the effect of loss, including hiring forensic experts, media communications and regulatory compliances.
  • Own the responsibility. The best thing that an organisation can do in case of a confirmed data breach is to honestly communicate and apologise for the incident. Though, such communication may affect the brand reputation, but honesty and transparency will be recognised and will help to mitigate the effect. Where the data breach happened due to a breach by a third party vendor or outsourcing service, you can clarify the whole incident but it is still wise to own up the responsibility. Clarify the steps that you are taking against the third party, if any.
  • Communicate with the customers. Statutorily the organisation is required to communicate incident of data breach with the affected customers as soon as possible. While communicating, the organisation should inform it in a clear manner stating the consequences of such data breach and how it might affect the customer, in a polite manner. Make a press release of the incident and be open to media queries, let a senior level officer, to handle such queries.
  • Handle social media conversation. Reply to the questions and messages posted on social media sites. Inform the customers that the organisation is keeping an eye on the messages posted online and try to help and communicate with them in an effective manner.
Steps in identification or reputational crises and legal strategy deployment
  1. Understanding the problemIt might not be wise for an organisation for filing defamation suit or send take down notices on every negative criticism that the company faces. However, certain problematic users, especially those involve in trolling, sockpuppeting or astroturfing can be difficult to deal with.
  • Trolling: These are individuals who post on social media groups, blogs and elsewhere in the internet through disruptive comments, which might even be of insulting or offensive nature to evoke an emotional reaction from other community members or the organisation itself. Habitual trollers may be blocked from the social media groups to prevent further disruption.
  • Sock-puppeting: Sockpuppets operate in a similar fashion as the trolls, but often they create fake profiles and operate through pseudonyms. In cases where such posts are made through anonymous or fake profiles, it will be difficult to discover the actual identity of such users, as most social media sites have strict policy against disclosure of information about their users.
  • Astroturfing: It is a commercially or politically generated well planned strategic event, where a body or group of people will work in concert to attack on a particular product or organisation by posting messages on social media sites. For example, Greenpeace created a pacman type game where it was shown that Tata’s logo is chasing turtles. This game was created to generate support against creation of Dhamra port in Odisha, which was constructed by Tata in collaboration with L&T, near a site which is a popular nestling place for olive ridley turtles.
  1. Collect supporting documents and evidence: It is essential to have a record of the offending or infringing incident so before a corrective step is taken. Capturing screenshots or taking printouts is a good idea. How do you keep records of online content, especially when new content is added continuously and due to the risk of modification of previously uploaded content?  Web archiving services (archive.org) to capture a permanent link to previous version of a page. In case information is subsequently deleted and there is no record kept, it is theoretically possible to recover the original version if metadata is obtained. However, such metadata is likely to be stored in offshore servers and it may be administratively difficult to obtain such information.
  2. Contact the infringer: If you find that someone has infringed upon your intellectual property or has posted something defamatory or false, at the outset, the organisation should send a polite email or comment stating that the organisation owns the right to such property, or that it finds the statement to be false and request that person to either refrain from using the name or remove the post. Alternately, ‘takedown notices’ can be sent to third parties to remove such content (see sample formats for takedown notices). The offender is likely to respond to personalised emails in a better way, rather than sending outright cease and desist letter or canned letters which may contain legal jargon. Sending strong messages the first instance may be counter-productive – there is risk of the infringer posting such letters in the public claiming that the company is trying to gag and suppress speech. After sending such notice, the organisation should give sufficient time to the infringer to respond back.
  3. Use reporting mechanisms of social media sites: An effective and quick way of removing seriously offending posts or removing pages where there is misuse of username or trademark, can be through requesting the social media operator to remove such information or page. All social media sites have “terms of service”, “terms of usage” or “usage policy” which govern the usage of such social media sites by the users. Such “terms of service” policy lays down rules related to posting of comments and images, including guidelines of what can be posted and what is prohibited. In case, a user has violated such terms of service, the social media operator has the right to remove such offending posts, ban the user or in extreme cases, even prevent the users from creating further accounts; however the discretion of removing such information lies with the social media operator.
How should you report such incidents?

One can use the reporting mechanisms of social media sites, including flagging of offensive posts and fake profiles, submission of complaints form and send takedown notices to the social media operator.
  1. Identify when to litigate: Litigation is costly and time consuming process and it might not give the best result, especially when one is dealing with online activities. The legal counsel should be able to identify whether the post or the page created is actually infringing on the rights of the organisation or is harming the reputation of the company. One should understand the motive behind creation of such pages, whether the page is merely a fan page, or a parody or satirical page, whether such page/post might attract fair use defences or defence of truth. If it is a fan page, you can request the admin of the page to mention a disclaimer at the top that such page is a fan page. At certain times, you may negotiate a licensing agreement with a person who have created an accessory page to complement your product. For example, a page selling mobile flipcovers or screen guards and uses the trademark of the mobile company. At certain times taking strict legal action against parody accounts or fan pages might create public relation problems or create negative emotions amongst the genuine fans. Except when such posts/pages are significantly offensive or damaging, the organisation should learn to be tolerant against genuine grievances or fan pages.


Case study:

In 2003, American filmstar Barbra Streisand bought a $50 million lawsuit to remove a photo showing her mansion, which was taken by a photographer as a part of a project which was documenting California’s coastline erosion. As a result of the lawsuit, the photo was viewed by more than 4 lakh people, instead of 6 people who saw the photo before the lawsuit. This effect is popularly known as Streisand effect.

Casey Movers, a movers and packer company in Boston send a legal notice to a woman who has published a negative review of their service at Yelp, a business review site. The woman’s husband posted about the legal notice in a blog, which was noticed by number of other websites like Techdirt, Consumerist, Reditt and received a wide publicity. Later, Better Business Bureau, a self regulating body revoked its accreditation of Casey Movers.


  1. Send cease and desist notices: In case the poster has not removed the post/page and such posts/pages are significantly offensive or damaging the reputation of the organisation, the next option will be to send cease and desist notice informing the poster that the organisation has ownership over the marks and its intention of bringing a lawsuit against the poster or in case it may offer alternative remedy like asking to license the mark.
  2. It is possible to litigate pre-emptively without knowing the identity of the infringer (ask for John Doe orders when you do so): In case the infringer’s identity cannot be identified, the organisation can seek John Doe orders (or Ashok Kumar orders as it is known in India). John Doe orders is a special type of injunction order which are granted by the court when the defendant’s name is unknown or cannot be identified.
Filing a defamation lawsuit

Defamation refers to any act causing injury to the reputation of a person or a company using false statements or actions. There are two main kinds of defamation - libel & slander. Libel is visual defamation which is in written form, which may includes posters, prints, forged pictures or videos and online defamation through social media. Another form of defamation is slander which primarily includes verbal remarks. However in India the courts do not distinguish between libel and slander. Defamation is actionable per se which means that the party complaining of defamation need not prove the existence of damages.  However, defamation cannot be said to exist if a party makes a statement about another party which is materially true or fair.

In India, one can file a suit for defamation under both civil and criminal law. Section 499 of the IPC deals with defamation and covers both libel and slander. If a person through spoken words, signs or visible representation (images or words) with (i) the intention of causing harm to the reputation of the person to whom it pertains, or (ii) knowledge or reason to believe that the imputation will harm the reputation of the person to whom it pertains will be considered to have committed the offence of defamation.

Section 499 of IPC is capacious enough to include cyber defamation within its ambit, however Section 66Aof the Information Technology Act which talks about sending improper material, but does not talk about publishing derogatory material which is an essential prerequisite for defamation.

Generally, in civil cases, the main remedies sought for defamation are – damages and injunction. One can even file for a pre-emptive injunction when a person is apprehensive about possible defamation. However, such pre-emptive injunction will be granted in clearest cases, where the complained material is non-libellous in nature. However, the court may not grant such injunctions where the defendant have stated that he will be able to justify the libel and court believes that he will be able to prove such allegations. However, such orders are generally rare and not granted by the Courts on a regular basis.

Case laws pertaining to defamation


A person posted defamatory statements on blogs and numerous other websites related to tax fraud, other illegal fraudulent practices and hiring a hitman to kill the blogger by an Oregon based corporation. The company filed a defamation lawsuit against the blogger, wherein the jury ordered the blogger to pay $2.5 million as compensation and damages. (Obsidian Finance Group, LLC v. Cox)

A patient posted false allegation of bad cosmetic medical treatment received by her from the doctors in review sites, Myspace and another website. The medical group and the doctors filed a defamation law suit against the blogger, wherein the Court ordered the defendant to pay $12 million as compensation and damages. (Desert Palm Surgical, P.L.C. v. Petta)

A construction contractor filed a lawsuit claiming damages and injunction against defamatory reviews made on certain review websites by the defendant. The Court granted preliminary injunction against the defendant and ordered him to remove certain parts of the post. (Dietz Development LLC v. Perez)

A car dealership filed a defamation lawsuit against two brothers of an ex-employee who was removed from the service. The brothers created a smear campaign on Facebook and created a website alleging that their sister was removed from the service on the grounds of cancer. The Court issued an attachment order of $1.5 million against the brothers. The appellate court reduced the attachment amount to $700000. However, later the parties agreed for settlement, with the brothers agreed to delete the websites. (Clay Corporation v Colter)


Test Your Skills Now!
Take a Quiz now
Reviewer Name