Too much sharing

“Facebook Draws U.K. Fine Over Sharing Data,” The Wall Street Journal, October 26, 2018 B4. Facebook fined half a million Pounds ($645,000) for allowing Cambridge Analytica for letting them see and use user data.  This is separate and apart from any fines the EU may impose.

Part of the problem is that Facebook didn’t do enough (i.e., anything) after it found out about Cambridge Analytica having accessed the data.

So, some points to consider:

  1. Whose information was it?
  2. Whose (and how many) rules (EU, UK, US, other) apply to (i.e., govern) a data breach?
  3. Why didn’t FB do anything after learning of the problem?  Did it not have a process for handling a vendor that accessed data inappropriately?  Doesn’t Governance require you to have such a process?  Does Compliance entail requiring your vendors to follow a process, and penalizing them when they don’t?
  4. The fine here won’t go to the UK residents whose privacy was invaded.  Is this a fine or a tax?  It certainly isn’t damages.

 

 

Advertisements

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Privacy, Protect assets, Security, Third parties, Vendors

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s