Are you serious about enforcing your policies?

The headline from Tuesday says it all.  “Data Blowback Pummels Facebook,” The Wall Street Journal, March 20, 2018 A1.  Inquiries into allegedly improper data access in support of Trump campaign.  Stock dropped 6.8% on Tuesday (-$36 billion in shareholder value).  Congress stirs.  Wants to restrict how Facebook deals with user data.

At issue is information of the same type shared with the Obama campaign in 2012, allowing access to your connections.  After that election, Facebook changed their policies.  This case involves a professor (technically, a vendor?) getting information from Facebook and sharing it with others, including a group advising the Trump campaign.  After Facebook discovered what the professor had done, an audit was done at the campaign adviser group, which said it had deleted all the data once it learned the professor had violated Facebook’s policies when he provided the information.

Who owns the data (such as who your friends are), and what protections are applied to this data?  Is Congress getting involved going to help or hurt?  How do you make sure your vendors comply with your policy?

And Facebook’s policies?  Today’s headline says it all (sort of):  “Lax Data Policies Haunt Facebook,” The Wall Street Journal, March 21, 2018 A1.  Actually, it wasn’t a problem with the policies; it was the fact that Facebook wasn’t very good at monitoring or enforcing them.  And the policies were adopted as part of a settlement with the FTC.  This could get expensive.  The Canadian government (where there is more extensive privacy protection by law) is also investigating.  An additional 2.6% drop in shareholder value on Tuesday.

See also “Facebook Provokes Storm Over User Data,” The Wall Street Journal, March 19, 2018 B1.  How did an outside data firm get access to users’ private data without their permission?  Unclear whether the data firm kept the data longer than it should have.

Watch this space. This is going to be news for a while.
