Who would have thought a tech CEO testifying to Congress would make such good TV? Mark Zuckerberg talking about Facebook’s failure and its next steps has America watching. It’s not like we are all going to quit Facebook, but we do need to hear from its leaders.

That’s because what Facebook did and what they do next affects so many of us. Cambridge Analytica had access to our data and used it to influence elections. Yet, no breach had occurred, no one stole data, and no one used our data in violation of Facebook data security agreements. In fact, Cambridge Analytica followed procedures developed by Facebook and gained access to the data legally.

Facebook owns over ten companies including Facebook, Instagram, Messenger and WhatsApp and has unfettered access to the personal details, data and thoughts of over a billion people worldwide — by design and by choice. Following days of uncomfortable silence, the CEO and COO of Facebook are engaging in a concerted media campaign to protect the company’s image as a safe space to connect.

So what can — or should — a beleaguered leader do when confronted by an onslaught of bad publicity? Well, for one: agree on message. However unpleasant the underlying truth is, you have to be aligned on what you say about it. So far, Mr. Zuckerberg and Ms. Sandberg have not been aligned. They need a message frame.

We use a four-box model to align our client executives on speaking points, regardless of the challenge they face. All spokespersons must be in lock-step on the story. Each person’s script, if you will, may vary, but they must answer the same four questions with the same four answers that make up the message. We always do this in a facilitated session with a company’s leaders, but as Mr. Zuckerberg is unavailable, I’ll give him some free advice.

These are the four question he and his team must answer:

What’s the challenge? Facebook had a policy that enabled third parties access to user data without users really understanding it. Sure, everyone signs a user agreement, but Facebook’s privacy controls live underneath a series of menus; only a very determined person will actually do a deep dive to protect their own data. The challenge is complexity.

What’s the solution? Facebook is based in a country with a government that rarely agrees on new regulations, especially right now. So their problem is not so much Congress as public backlash. What does the user want? Facebook’s solution should be simplicity of user data privacy controls and tighter access to data by third parties – using policies it already follows in countries with stricter data privacy laws.

What is the approach? At first, Facebook execs offered explanations of what went wrong: they made mistakes, they were too slow to understand, and mishandled the crisis. Now they need to describe, in concrete terms, how they will address the mistakes. Facebook should adopt a new governance model and policies that value the user’s privacy, then communicate as quickly as possible about the changes: what, when and how. The approach has to be respect, through security and transparency,

What’s the outcome? We all love and hate Facebook, but most of us can’t help but log in every once in a while to see a curated version of reality. It’s a fun distraction and a useful communications tool. It connects us to friends and family far away. But now, users are angry. For Facebook and its shareholders, the outcome has to be to retain its leading position as the biggest social media platform in the world. But how? By acting in a responsible manner and regaining users’ good will. The outcome is trust.

Facebook shares have lost 15% since the data debacle came to light. That should inspire Mr. Zuckerberg to build a stronger foundation for his company. Here is the message frame to help.

message frame for Facebook