For a long time the concept of privacy and Facebook didn’t seem at all congruent. Users embraced the social media app as a way to share, share and overshare in a comfortable, freewheeling little bubble of friends and family – or so we thought. When news broke of political consulting firm Cambridge Analytica amassing the personal data of more than 50 million Facebook users without their consent, everything we may have thought about privacy on the app flipped on its head.
As Facebook continues to come under fire for having what many say are lax privacy settings that have allowed personal data to be unknowingly farmed for a range of purposes, a big question looms about how prepared any of us truly are in an increasingly digital world. If Facebook’s digital environment has really encouraged users to click before they think, it calls into question how all businesses operating on a digital model can utilize customer data without assuming so much potential risk.
As we have seen with this Facebook mess, the implications of poor data management are myriad, particularly as more mobile apps are being used to help collect important customer information. One small mistake leading to a data breach can be costly on so many levels, from cleanup to reputation, which raises the question of how one can successfully and securely maintain privacy standards in a world of data that can sometimes feel like the Wild West.
Serious Privacy Implications
David Thomas, CEO of Evident ID, a cybersecurity company specializing in personal data interaction, said that unfortunately there are many ways that customer data is being put at risk right now.
“One of the most common ways,” he said, “is companies collecting and holding more data than they actually need. It makes them a bigger target and has serious privacy implications.”
If the Facebook scandal can teach us anything at all, it’s that freedom of speech and privacy do not have to be at odds.
“Especially in light of the Facebook news, we have to define a data breach,” Thomas said. “We need to think from the perspective of the customer. Any time their data is provided to a party without their clear understanding and consent, customers are likely to consider that a data breach. The implications are wide-ranging – from reputational damage to regulatory action, depending on the particulars of the breach.”
Who Has Access?
One way to rethink security is by implementing strict security protocols that help lay out who exactly has access to customer data. “Facebook may have been well-intended about the purpose of sharing data with platform apps,” Thomas said. “However, their lack of foresight into what may happen with an app or company that was not as positively intended is a good lesson for all of us.”
So, who is ultimately responsible for privacy? The user? The company? Or both?
“Businesses and individuals must work together to protect sensitive personal information,” said Thomas. “Users can and should take ownership of when and how their personal data is used. Providing clear consent to businesses about what type of data they are able to access, as well as knowing the security policies of those businesses, are all the responsibility of the individual.”
However, he said that businesses entrusted with user data must be worthy of that trust. This means providing users with simple transparency and tools to control how their information is used. “Businesses must demonstrate leadership and own the responsibility that comes with asking for and using customer data,” he said.
For IT managers and cybersecurity experts, this also means rethinking how data is ultimately protected, starting with reevaluating how a business is really accruing and using customer data, and for what purpose that data will be used down the road. For a long time now the industry standard has been downright Orwellian – that is, sucking up as much data as possible to better understand market trends and users’ habits no matter the cost to privacy. This do-or-die attitude will not likely change overnight as long as there is profit in the process – customer data translates to big money after all. But the picture is improving thanks to tough lessons from Facebook and other giants that have had to confront these issues in a very public way.
Natalie Hope McDonald is a writer based in Philadelphia.