Mark Zuckerberg might be doing his best to evade questions about the data scandal that has engulfed Facebook. But it’s hard to deny that the world has finally woken up to the implications of over-sharing online. This particular incident may concern the actions of Cambridge Analytica, but the scary thing is that it’s just one example of how much of our data could now be out of our control. And once it’s gone, can we ever get it back?
Facebook is just the beginning, with governments, the public and regulators demanding change. The tide has turned, and what was acceptable in the past now seems like utter madness. All businesses, from whatever industry, need to rethink their attitude to data privacy and security, to be sure of safeguarding customers and themselves.
So, what lessons can businesses take away from recent events?
Informed consent is now non-negotiable
One of the arguments Facebook and Cambridge Analytica have used to defend the incident is that their T&Cs, which all users agreed to, outlined that the platform would have access to their own and their friends’ data. Of course, most users won’t have given more than a cursory glance to the T&Cs, which is one of the root causes of the data privacy issue. This is the kind of practice that the GDPR should bring to an end next month, with the shift from a requirement for ‘opt in’ rather than ‘opt out’ consent. The Facebook pickle is another reminder that transparency, informed consent and clear ‘opt ins’ are the name of the game from now on. No more long, jargon-filled or hidden terms and conditions.
No more tardy responses
Another mistake that Facebook made was that they failed to respond quickly enough once they became aware of the issue, either to investigate what had happened or inform users that their data had potentially been compromised. Sheryl Sandberg, Facebook COO, told NBC’s Today show that the company knew what Cambridge Analytica had done two and a half years ago but didn’t take any action, saying: “We could have done this two-and-a-half years ago but we thought the data had been deleted and we should have checked.” Again, this kind of excuse is getting kind of tired now, and with GDPR coming in, is no longer acceptable. If you ever suspect that your systems or customer data have fallen into the wrong hands, you must take action as soon as possible.
As part of its response to the Cambridge Analytica scandal, Facebook has announced a number of changes to its developer platform, which will impact any business that uses the Facebook API or Facebook Log-in as part of its product – that is quite a few. Changes include limiting the amount of data the app or website has access to, cutting this access off if the user hasn’t accessed the app in 90 days and introducing a more thorough app review process. Time will tell how much impact this will have, but any business affected will need to consider how this may affect the functionality of their app or website, and whether additional communication is required with users regarding the changes and how you are complying. There could also be a knock-on effect for businesses making the most of the new PSD2 rules to access user’s financial details via their bank API. Given the current sensitivity around sharing data, these providers need to ensure they are fully transparent in how they’re using customer data.
Time to rethink your content strategy?
Changes to the Facebook algorithm in January have made it harder for brands to promote themselves organically on the platform, with a focus on ‘meaningful interactions’ rather than ‘helping you find relevant content.’ This change was in part driven by the ‘fake news’ issues faced by Facebook during the US election and as a way to reduce clickbait on the site. The latest scandal is likely to make reaching your audiences on Facebook even harder, with stricter privacy settings and more people moving off the platform. So, if you haven’t already, it might be time to revisit your content, social media and broader marketing strategy, to focus on quality, longer-form content and rebalancing with other channels including SEO, LinkedIn or Twitter.
Stay suspicious on social
Finally, this incident also serves as a reminder that any information you or your employees share on social media, be it Facebook, Twitter or LinkedIn, can easily end up in the wrong hands, putting you, your business and your customers at risk of a social engineering attack. Just snippets of information can be used as the basis for tricking you out of money or customer data, so ensure all your staff are aware of the risks.
As the Cambridge Analytica scandal shows, it doesn’t take long for reputations to be irreparably ruined by misuse of customer data. And now the world is switching on to the dangers and their rights, we’re sure to see plenty of similar cases in the months and years to come. So, make sure your business isn’t one of them.
For more on keeping your data and that of your clients safe, check out our Ultimate guide to cyber security.
And remember, if you do get hit, a cyber insurance is your final line of defence. Find out more about how it can protect your business in our Insurance 101, or drop us a line at email@example.com.