When news broke that Facebook had been mishandling users’ data, the company’s stock plummeted, and both the social networking site and its owner, Mark Zuckerberg, lost billions. A whistle-blower revealed that millions of Facebook users had their data exploited by the political consultancy Cambridge Analytica, which is accused of improperly using the data on behalf of political clients. It was reported that Facebook knew the data was being harvested in 2015 but did not alert users at the time. Mark Zuckerberg acknowledged that a “huge mistake” had been made, but the damage had already been done. Whatever trust users had in Facebook regarding their data security will have been shot to pieces. What could this negligence be down to?
Egil Bergenlind, CEO and founder of DPOrganizer, believes there is a severe lack of consideration from top-tier technology companies when it comes to the handling of data. He said, “This boils down to a lack of transparency from the social media giant about what data is being held on its users, how it is being obtained, what it is being used for and with whom it is being shared, and Facebook is not alone in this. The problem is that this leads to a lack of accountability and often results in the incorrect assumption that any data collected belongs to the company, rather than its individual users.”
What organisations need to start realising is the importance of reputation and how a scandal like this can have a detrimental impact. When an organisation is lambasted in the headlines for suffering a data breach, the costs in damages can be in the millions. Yet the harm done to the reputation of an enterprise is something that cannot be quantified. The Equifax data breach in 2017 is a prime example of this.
The Facebook/Cambridge Analytica scandal will also trigger an immediate reaction in how organisations use Facebook. This belief is shared by Chris Ross, SVP International at Barracuda, who claims that, “while the longer-term effect on Facebook’s reputation remains to be seen, we expect to see organisations making decisions about whether the platform poses a security risk and how to minimise the threat on those occasions where an alternative option just doesn’t exist.”
People have become more vigilant regarding their data privacy, and organisations need to understand this and begin to take data security seriously, especially with data protection laws such as the European General Data Protection Regulation coming into force. Richard Holmes, cyber services lead at CGI UK, touched on this fact, stating, “GDPR demands that organisations have a legal basis for processing personal information. Individuals will increasingly demand to know how their data is used and where it is shared. Terms and conditions of collecting and processing personal information will need to be much clearer to meet this demand.”
Facebook has well and truly brought data security and privacy into the international spotlight and will no doubt bring about a much-needed change in the way organisations collect, store and use sensitive data. In Europe, GDPR is a step in the right direction, but time will tell if stricter laws need to be passed to see a dramatic change.