Thursday, February 25, 2021
Corporate Compliance Insights

What Happened at Facebook?

by Stephanie Quaranta
June 18, 2018
in Data Privacy, Featured

Lessons From The Giant

While not every organization is a social media giant with nearly 2 billion users like Facebook, there’s a lesson for all organizations in recent events: in today’s data-driven business environment, customer trust matters more than ever before. In this article, Gartner’s Stephanie Quaranta outlines the steps privacy and compliance executives need to take to protect the value of their customer relationships and ultimately minimize their company’s exposure to privacy risk.

By now, the saga of Facebook and Cambridge Analytica is familiar to us all. In 2013, University of Cambridge researcher Aleksandr Kogan collected personal data from 270,000 Facebook users through a personality test app called “thisisyourdigitallife.” At the time, Facebook’s policies allowed app developers to collect data not just from users who had explicitly consented, but from those users’ friends as well. Kogan assigned test takers and their friends to psychographic segments using the collected data, then sold that information to a political consulting firm called Cambridge Analytica.

Though Facebook discovered this at the end of 2015, it chose not to alert impacted users. Instead, Facebook simply asked Cambridge Analytica to delete the data. Only in March of this year, after an exposé by The New York Times and The Observer of London reported on the data harvesting and on Cambridge Analytica’s use of that information to micro-target voters in advance of the 2016 Brexit vote and US presidential election, did Facebook go public with what had happened.

The immediate backlash was fierce. Facebook stock plummeted 18% in 11 days, wiping out $80 billion in value. The hashtag #deletefacebook emerged, with Google searches on how to delete your profile more than quadrupling in the week the scandal broke. Regulators and lawmakers across the globe opened investigations into Facebook’s privacy practices.

Customer Trust at Stake

But here’s where things get really bad for Facebook, and where companies in every industry have a lesson to learn: in the wake of the scandal, 61% of Facebook users said they have “not much” or “no” trust in Facebook. By not being crystal clear in its user agreement, by implementing a policy that was clearly too far ahead of what users were comfortable with, and by not disclosing the problem when it first discovered it, Facebook has consumed whatever stockpile of user goodwill it once possessed. And while the company’s stock took less than 8 weeks to return to its pre-scandal value, and ultimately only about 9% of users actually did #deletefacebook since the scandal broke, this loss of customer trust is potentially the most devastating to the business.

How so? First and foremost, there are real and immediate costs to losing customer trust. Organizations spent a total of $50 billion on data and analytics in 2016. With the EU’s General Data Protection Regulation (GDPR) now in force, if even one-third of those customers chose to exercise their right to be forgotten, it would cost those organizations a total of $17 billion.

Thinking more long-term, Facebook generates its revenue through advertisement sales, and what makes Facebook a valuable platform for those advertisers is the wealth of data it collects from user activity and profiles that can be used to target their messages. But what happens if Facebook’s users no longer trust the platform to protect that data and use it appropriately? We know that 79% of consumers say they would be unlikely to share data with a company they do not trust. So while people may not be deleting Facebook profiles, they are likely thinking twice before they like a post or RSVP to an event. Users sharing less information is a fundamental threat to Facebook’s data-driven strategy.

And that’s where you come in. More than anything else, the Facebook scandal has demonstrated the value of customer trust and transparency to today’s organizations. You may not operate on an ad-revenue model, but it’s not only social media giants and tech companies that rely on customer data for success. In today’s digital environment, every industry from insurance to retail is increasingly reliant on customer data to underpin major business decisions. Transparency also is not just a Facebook problem: a full 70% of customers generally believe that companies are not transparent about the way their data is being used. Only 9% believe they have “a lot of control” over the information that is collected about them.

Action Items for Privacy and Compliance

What can privacy and compliance executives do to fix this? Start by facilitating a conversation with your board or senior leadership team to uncover any gaps at your organization. Consider the following key questions:

  1. How heavily does our business model depend on the use of high-risk data? Outline which parts of the business are collecting more information or more types of information, providing broader access to employees or third parties, or relying on the information in different ways to make decisions.
  2. Does your business strategy document and subsequently manage the potential privacy risks it creates? Ensure your leadership team feels equipped to explicitly account for privacy risks as they set strategy and make decisions by understanding what creates risk and how it can be managed.
  3. How effective are the controls we put in place to manage our privacy risks, especially those in our highest-risk areas? Discuss whether and how existing controls can maintain effectiveness in a dynamic privacy risk environment, and ensure there is a plan in place to audit and test them regularly.
  4. Do we understand our customers’ expectations and level of comfort with respect to how we manage their data? As the legal and regulatory environment lags behind the pace of innovation, the question becomes “should we do this?” rather than “can we do this?” Brainstorm ways to source customer input into your overall data strategy.
  5. Are we being as transparent as possible with our customers in communicating how we use their data? Ten pages of legal jargon that customers consented to once five years ago is not transparency. Check that your customer-facing policies are accessible and intelligible, and make a plan for communicating them frequently.
  6. What is our third-party strategy? Conduct an exercise to understand how third parties are being used across the company and set guardrails to ensure the third-party strategy is in line with the overall risk appetite.
  7. How effectively are we monitoring ongoing third-party compliance with our standards? Your third-party standards are only as effective as the amount of oversight you dedicate to them; make sure your leaders have processes in place for ongoing monitoring.

Privacy and compliance executives have a big role to play in ensuring continued access to what has for many companies become their most valuable asset—customer data. Put your company on the right path by ensuring your data practices foster a strong and long-lasting relationship with your customers.


Tags: social media risk

Stephanie Quaranta

Stephanie Quaranta is a data privacy research director at Gartner. In her role, she works with legal, compliance, and privacy executives at Fortune 500 companies to identify and prepare for emerging risks, embed privacy risk management into business operations, and work effectively with business and functional partners across the organization. Stephanie holds a B.A. in International Studies from Boston College, and an M.A. in International Economics from the Paul H. Nitze School of International Studies at the Johns Hopkins University.
