by Keith Barthold
Facebook’s recent record-breaking settlement by the Federal Trade Commission (FTC) shows companies why they must be particularly diligent about keeping their client data safe and secure. It’s good business. It reinforces the trust clients place in the hands of companies. And It allows organizations to preserve two important cornerstones of any business: its reputation and the control it maintains over its own operations.
Both were critically jeopardized in the Facebook breach.
On July 24, the FCC announced that Facebook agreed to pay a $5 billion fine for privacy violations and its failure to inform millions of its users about a data leak that occurred years ago. The fine is the largest ever imposed on a tech company.
The settlement followed negotiations after the FTC claimed Facebook had violated a 2011 agreement to protect user privacy after breaking promises to users that it would do so. The $5 billion assessment is significantly higher than the previous amount of $22.5 million, imposed on Google in a 2012 FTC settlement.
That’s quite a hit to Facebook’s reputation – which is already pretty shaky. It’s hard to recover from violations of the public’s trust and privacy. An equally stringent penalty was included which struck at Facebook’s internal operations and autonomy.
The FCC is requiring Facebook’s CEO, Mark Zuckerberg, as well as other involved compliance officers, to certify that the company is taking significant future steps to protect user privacy. The order also removed some of Zuckerberg’s control over privacy decisions by creating an independent privacy committee of the company’s board of directors.
In a news release, FTC Chairman Joe Simons said, “The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
Facebook’s Colin Stretch said, “We will be more robust in ensuring that we identify, assess and mitigate privacy risk. We will adopt new approaches to more thoroughly document the decisions we make and monitor their impact. And we will introduce more technical controls to better automate privacy safeguards.”
Privacy and data security violations have repercussions beyond just the financial – which alone can cripple a company. They compromise a company’s reputation and, as seen in the Facebook incident, can even lead to outside influences wrestling operational control and oversight of your business. Do the smart thing: take care or your data, keep your customers safe, and make sure you, and not someone else, controls the destiny of your organization.