Oops, Facebook Mistakes Revealed
Facebook has been haunted by criticism of how it handles users' data in the wake of the Cambridge Analytica scandal, in which millions of people's data was shared with Cambridge Analytica without their permission. To help data-collecting companies understand how to mitigate risk and avoid the same mistakes, here are the mistakes that Facebook made:
- Mistake #2: Facebook did not notify users of the data leak earlier.
- Mistake #3: Facebook also did not contact the Information Commissioner's Office about misuse of data.
We recommend that companies wishing to mitigate risks or exposure to violations, fines and possible criminal penalties take the following actions. I am guessing that #5 is where Facebook encountered the biggest deficiencies. Proper protocols and workable procedures could have prevented these mistakes.
- Review of all terms and conditions for compliance with European Union Data Protection Regulations (GDPR) and U.S. Data Protection Regulations (Federal and State).
- Review of contracted sales for dissemination of public user data without proper or informed consent.
- Review and assessment of confidential information and private information.
- Prepare a matrix of crossover breach of contractual and regulatory compliance requirements.
- Review of policies, procedures and protocols to determine gaps in addressing compliance issues.
- Prepare strategic and tactical plans of action addressing the above.
- Regular auditing.
For an overview of the Cambridge Analytica data breach, see the blog post entitled "What's Going on With Facebook?"