Facebook recently hit the headlines in what is arguably the biggest crisis the social network has seen. It emerged that the data of 87 million users had been shared with the analytics firm Cambridge Analytica through a third-party application. Basic information was gathered and used to influence voters in the U.S. election.
Was it a data breach? Arguably no. What is very clear, though, is that we are entering a new era of data privacy, marked by the forthcoming EU General Data Protection Regulation (GDPR) and by rapidly growing awareness of the way personal data is harvested and mined and of the value this data holds. Organizations can no longer afford a cavalier attitude to data governance and security.
Facebook may have held their hands up and admitted fault, but the damage is done. Any organization that cannot and does not provide its customers with the utmost trust in how their data is treated will face the full brunt not only of the ICO and other regulators in the coming months but, worse, of tarnished public perception.
Transparency is key
Let’s face it, most users are very aware that they ‘pay’ for free services like social networking by sharing their personal information with advertisers. This means they get targeted ads and relevant recommendations, all whilst connecting with their friends, for free. However, this data sharing relationship can be fundamentally damaged when users realise their data has been used in ways it should not have been.
With GDPR imminent, companies need to state the purpose for which they wish to use the data explicitly and in an easy-to-understand way – from new product launches to service innovation. Organizations need to be clear and transparent with their customers on the purpose, value and intended use of their data, or risk losing their trust altogether.
Get to know your third parties
One of the main lessons learned by Facebook lies in its naivety towards how Cambridge Analytica was using the data. In order to maintain transparency – and trust – with their users, organizations need to make sure they fully understand how data is being used and secured throughout their operations, so that they can not only be clearer with their users, but also ensure appropriate controls and measures are in place, i.e. the underpinning principles of data governance.
The finger of blame will never point to the third party, so despite Cambridge Analytica using the information for a non-permitted purpose, it is Facebook that has come under fire. Since the news emerged, Bumble, a mobile dating app, will no longer allow users to log in using their Facebook account.
Remember your place of trust…
At the end of the day, the Facebook and Cambridge Analytica scandal is not about data security per se. However, it does highlight the increasing scrutiny on data governance – and that absolutely must include security. Data governance best practice requires a holistic people, process and systems perspective.
In today’s digital age, where personal data is more valuable and can be monetised more than it ever has been, organizations need to make sure they adopt a Zero-Trust data governance posture, and assume that any network, device, user or application could be compromised – at any time.