Apologies are now the norm when it comes to social web screw ups.
Unfortunately, they are not always done well. There are the good ones that will have the hoped for effect: Reputation protected, customers and regulators appeased. Then there are the weasel-worded apologies that fool no one but executives who fear the bogeyman of some non-specific 'liability'. (Mari-Li Pitcher offers a great personal list at PuckerMob).
With humility let me suggest a basic taxonomy of offensive corporate non-apologies that should be pinned to the desktop of anyone who might have to write one for their company . . . with a big 'Don't Do This' hanging above them.
The 'blame-the-victim' apology
The most common, the 'blame-the-victim' apology, explicitly or implicitly (usually the latter; the former would be too obvious a dismissal of people's concerns) blames the victim for not understanding, being too sensitive or over-reacting
They sound like this: 'I deeply regret that people misunderstood our intentions.' or 'We didn't mean to offend anyone.'
The 'saddened by the impact' apology
An offshoot of the 'blame-the-victim' attempt at atonement is expressing sadness at the impact of an action without somewhere in the apology acknowledging responsibility or committing to fixing whatever happened.
Preferred by executives who have been forced into apologizing, examples include:
'We are saddened that so many lives have been affected by the events of today.' and 'We are all mourning this loss of life.'
The 'deflect responsiblity' apology
This type of apology, couched in sincerity, is an attempt to avoid specific culpability, sometimes by blaming others when the organization has also had a part in the events, or by a generic 'misunderstanding' statement.
"We are deeply sorry we were misled by xxx."
'I am truly sorry that my statements taken out of context offended so many people'
The 'misplaced focus' apology
Pointing at a problem only tangentially related to the main social web crisis event is an especially tricky avoidance gambit. It can take many forms: apologizing for something other than what you really did or by following a sincere apology with an attempt to direct people to a more general matter.
'We're so sorry that your personal information was leaked. Off-shore hacking has become a huge problem in the financial services industry.'
The 'vague apology'
Sometimes know as the 'mistakes-were-made' apology, these are easy to spot because they use the passive voice: 'The fact there was an insulting tweet is evidence that mistakes were made'. This neither respects the fact that something of consequence happened (certainly to the insulted) nor is specific about whether the organization is accepting any responsibility for the 'mistake'.
The better model— if what you want to do is actually to say you're sorry and to protect your reputation—is how Buffer handled a hack a year and a half ago:
Buffer apologized for being hacked. They were the victim, but they recognized that being hacked wasn't of concern to its customers only the fact that they had been inconvenienced. And their apology was personal and heartfelt, and included a commitment to action as soon as possible.