Three ways the Facebook data breach provides lessons for other businesses
By Beth Haddock
The tale of how the Facebook data breach exposed the data of 50 million users to a Cambridge Analytica researcher may shine a light on how business ethics and regulatory compliance issues are struggling to keep up with fast-moving technological advances.
It also shows that the more things change, the more they stay the same when it comes to organizations that focus on commercial success without equal attention to governance and corporate responsibility.
We often see gaps in business judgment when companies are managing a crisis of trust by its customers and the public at large.
The data breach happened a few years ago when 270,000 Facebook users took a personality quiz through an app that, without their knowledge, allowed the quiz maker to take their private information. The app maker was then able to access the data of those people’s Facebook friends and provided the information to Cambridge Analytica, a data-analysis firm.
Now regulators in both the United Kingdom and the U.S. are asking for information about what Facebook knew and how it reacted after discovering the breach.
The case does indeed raise questions — and lessons for other businesses.
Self-interest over obligation to consumers
Companies should not ignore their responsibilities to customers, but there’s an indication in this case that greater emphasis was placed on self-interest. For example, Facebook used a newspaper advertisement to try to mitigate the company’s legal liabilities but didn’t address corporate responsibility. Facebook founder Mark Zuckerberg posted a timeline of events but didn’t mention a 2011 settlement with the Federal Trade Commission that involved deceiving users about privacy protections. Finally, Facebook’s Code of Conduct says employees must represent the “best interests of the company” but makes no mention of corporate responsibility to customers.
That’s an interesting foundation for a culture of 10,000 employees with access to powerful personal information. Imagine a Wall Street firm or a doctor whose code of conduct is solely self-interested and what’s best for the investor or the patient isn’t considered. This arguably is an example of “fudge-factor thinking,” where people find ways to justify in their own minds questionable ethical decisions, and it’s something businesses need to be wary of.
Compliance and governance
It will be interesting to watch how Facebook’s compliance and governance program withstands scrutiny, especially against public statements that shareholders relied upon to invest in this public company. This is a good reminder to other companies. Assess whether your governance is built on a foundation of fudge-factor thinking. If it is, make changes before there is a foreseeable surprise that results from poor business judgment.
The data breach itself
This may serve as a cautionary tale for other American companies, because regulatory agencies both at home and abroad could come down on them hard if they aren’t vigilant about protecting user data. Innovation is prized in the U.S. But when it comes to breaches of trust and information, caveat emptor may be a faulty premise for U.S. technology companies going forward.
It’s important for management to ensure that the ethical values of an organization are not only consistently implemented but are also integrated at every level of the business and reinforced by employee education.
Beth Haddock, CEO and founder of Warburton Advisers, is the author of “Triple Bottom-Line Compliance: How to Deliver Protection, Productivity and Impact.” She has more than 20 years of experience as a compliance and business executive. Her consulting firm provides sustainable governance and compliance solutions to leading international corporations, technology companies, and nonprofits.
Articles related to “Three ways the Facebook data breach provides lessons for other businesses”
The end of civility: Facebook and other social media bring out the worst in everyone
Facebook’s ad targeting system can divide us on more than just advertising