Skip to content 
When a business crisis hits – a data breach, a regulatory investigation, an employment dispute that goes public, a product failure, or an executive misconduct allegation – the pressure to communicate quickly is enormous.
Stakeholders want answers. Media want statements. Staff want reassurance. The instinct is to get something out, to take control of the narrative, to be seen to be responding.
That instinct, without legal input, can make a bad situation significantly worse.
The Tension Between PR and Legal Objectives
In a crisis, communications teams and legal teams often have different instincts – and both instincts are valid within their own frame.
A PR perspective prioritises narrative control, stakeholder confidence, and reputational protection. Speed matters. Empathy matters. Being seen to act decisively matters.
A legal perspective prioritises preserving options, avoiding admissions, managing regulatory exposure, and protecting the organisation’s position in any future proceedings. Precision matters. Silence can be strategic. Timing matters in ways that aren’t always visible from the outside.
Neither perspective is wrong. The problem arises when they operate in isolation.
What a Statement Can Cost You
A public statement made in the early hours of a crisis – before the facts are fully established, before legal exposure is assessed, before regulatory obligations are understood – can:
- Constitute an admission that prejudices your position in litigation or regulatory proceedings
- Trigger regulatory notification obligations you didn’t know applied
- Waive legal privilege over documents or advice
- Create inconsistencies that are later used against you if the facts turn out to be different from what you initially understood
- Expose individual officers or directors to personal liability
None of this means you shouldn’t communicate. In many cases – particularly data breaches under the Notifiable Data Breaches scheme – you’re legally required to. It means that what you say, when you say it, and how you say it needs to be shaped by both communications and legal judgment simultaneously.
The Notifiable Data Breaches Scheme
Under the Privacy Act 1988 (Cth), organisations covered by the Act must notify the Office of the Australian Information Commissioner (OAIC) and affected individuals when an eligible data breach occurs – one that is likely to result in serious harm.
The notification must happen as soon as practicable after the organisation becomes aware of the breach. What that means in practice – what triggers awareness, what the notification must contain, who must be notified – requires careful analysis, not a press release drafted in a panic.
Getting the notification wrong, or delaying it without a defensible basis, can itself become a regulatory issue separate from the breach itself.
Employment Disputes That Go Public
When an employment dispute – a termination, a workplace investigation, an allegation of misconduct – becomes public through media coverage, social media, or an employee going on the record, the temptation to respond publicly is strong.
The legal constraints here are significant. Employment matters often involve confidentiality obligations. Responses that identify the employee or characterise their conduct can give rise to defamation claims. Statements that comment on ongoing proceedings can prejudice them.
The appropriate response almost always requires legal input before any public statement is made – even a ‘no comment’ should be deliberate, not default.
What an Integrated Crisis Response Looks Like
Businesses that handle crises well – and there are Melbourne businesses that handle them very well – tend to share a few characteristics:
- They have a crisis response protocol before the crisis happens, which identifies who makes decisions, who communicates, and who provides legal sign-off on external communications
- Legal and communications advisors are briefed simultaneously, not sequentially
- Internal communications are treated with the same legal care as external ones – emails to staff during a crisis can be discoverable
- Decisions about what to say are made with a clear view of both the legal exposure and the stakeholder impact
None of this requires a large in-house legal team. It requires having the right external advisors on call and a clear understanding of when to use them.
The Practical Takeaway
If your business faces a serious crisis – or if you want to be prepared before one happens – the conversation between your legal and communications advisors needs to happen before anything goes out the door.
At Morcos Law Group, we work with Melbourne businesses and boards on crisis legal strategy – advising on regulatory obligations, managing legal exposure, and helping organisations communicate in ways that protect both their reputation and their legal position. We stay close, move quickly, and give you advice you can actually use under pressure.