On Wednesday afternoon, March 21, Facebook CEO Mark Zuckerberg took to his platform to address the ongoing scandal relating to illicit user data collection by Cambridge Analytica. His post came after more than $60 billion in losses, as tech writers, platform users, both houses of Congress, and members of both UK and EU Parliaments have demanded responses.
In his response, Zuckerberg notes that the company’s carelessness has led to “a breach of trust between Facebook and the people who share their data with us and expect us to protect it.” He’s also vowed to work to repair that breach.
While the social network is notorious for collecting wide-swaths of data from its users, the issue with Cambridge Analytica goes much deeper. Cambridge Analytica, a data analysis house with a focus on strategic electoral communications, was handed the data of almost 300,000 users (along with that of 50 million of their friends) by Aleksandr Kogan, a Cambridge University researcher who had developed a personality quiz app. Though much of this data was harvested prior to Facebook limiting access to data by apps in 2014, it was used by Cambridge Analytica to target voters in the US and UK.
The sharing of user data violated Facebook’s developer policy, and Zuckerberg states that the personality app was “banned … from our platform.” Both Kogan and Cambridge Analytica were then to provide formal certification to show that all the improperly collected data was deleted. According to Zuckerberg, both parties complied.
Last week, The New York Times and The Guardian both reported that Cambridge Analytica had not deleted the illicit data and had instead used it to target voters. Channel 4 News then released a three-part series documenting how it used the illicit data to influence elections.
Addressing Ongoing Privacy Concerns
In his post, Zuckerberg lays out steps that Facebook has already taken to protect user data. He points to a major policy change in 2014 that fundamentally altered the ways in which apps (and their developers) could access user data. The change made it so that apps could only access the data of user’s friends only if those friends had authorized the app to collect data. Any collection of sensitive data had to be cleared by Facebook first. Facebook users could fine tune their privacy settings, though they were not easy for many to find.
The new changes are built off this older policy. The most visible change is the addition of a tool at the top of the user’s News Feed. This takes the previously buried privacy settings page, making it easier to find and use.
The more substantial changes relate to the behind the scenes data collection. Facebook will start an investigation into all apps on the platform prior to 2014 that had access to large amounts of personal data. If they deem that the data was (or is currently) suspiciously handled, they will conduct an audit, banning any developer who refuses to comply.
Facebook will also halt developer’s ‘evergreen’ access to user data simply because the user had the app connected to their account. If someone hasn’t used an app in 3 months, the developer will have their access to that user’s data removed. Facebook is also reducing the amount of data developers have access to without first signing a contract.
The Potential Impacts of Social Media Use on your Business
While this news has enormous potential to impact how, why, and when people use social media, the direct impacts on your business remain the same. Facebook and other social media sites have fundamentally altered how people engage with each other. In turn these broader cultural shifts have created new avenues for businesses to engage with the public.
According to the Society for Human Resource Management (SHRM) “there is no one-size-fits-all approach and no single right way for an organization to use social media applications.” Social Media outlets present many benefits to organizations, including the ability to expand client and recruiting networks and expanding the ability of a marketing campaign to reach its intended audience.
However, employee use of social media can tarnish the reputation of an organization by maliciously or inadvertently posting negative comments. A business could be open to legal action should employees use those platforms to “view or distribute objectionable, illicit, or offensive material.” Social media platforms also present cybercriminals with another vector for social engineering or other hacks.
Take this opportunity to revisit your organization’s Bring Your Own Device (BYOD) and social media policies, especially if you haven’t in a while.