Facebook-Cambridge Analytica data uproar shines spotlight on trust
There's an old saying - when your company name is trending on Twitter, it's either very good news or very bad news. For Facebook and Cambridge Analytica, this week is an example of the very, very bad.
The core of the issue is fairly simple: Facebook collects information on users of their platform, their friends, their likes and dislikes, their online activity in and around Facebook.
This information in various forms is made available to advertisers and other vendors in a variety of ways, making it possible to create targeted marketing campaigns. We're all familiar with the basic concepts of how that works - it's the reason you can't casually read articles about any consumer good without seeing advertising about it for weeks to come.
Cambridge Analytica was one of the companies signed up to use that information, and they claim to have used it for the purpose of targeting (and influencing) people based on their political views. For several days, we've watched an ongoing debate over the role of Facebook and similar companies in politics and marketing, the importance of personal browsing information, and even whether or not this incident should be called a breach or not.
Apparently, you can use people's browsing habits to sell footwear, but selling politicians is crossing a line. Who knew?
Amid the debate over what to call this event, who was involved, and how low Facebook's share price can drop, there are some important lessons for any organization.
1) Personal privacy extends beyond the breach regulations.
We're all familiar with data breach regulations and controls around personally identifiable information (PII). There are all sorts of requirements for the storage and use of personally identifiable information - credit card numbers, social security numbers, medical records, and so on. What's interesting about this incident is that none of the information involved has anything to do with those rules.
We're talking here about routine user data - who read which articles, who liked which comments, and who's connected with whom on a social media platform.
Yet the public outrage is greater than any breach since Target.
One of the oldest lessons in retail is service to the customer. If the customer feels comfortable, safe and well cared-for, they're more likely to spend money. And more importantly, they're likely to tell others that they enjoyed their experience.
One of the reasons the Facebook activity data is so valuable to advertisers is that it gives access to that most valuable of advertising - word of mouth. But being careless with that information destroys the value of it, turns it into a net negative.
How many times this week have you seen people talk about deleting their Facebook account? That isn't because Facebook collected information; we already knew they did that. The backlash is because the customer saw how poorly they were treated.
2) Keeping things quiet is harder than it used to be.
Often times, when something happens we're tempted to keep it quiet. There's no point in kicking up a fuss, right? Facebook disabled access to the personal information for Cambridge Analytica and the other players in the incident, obtained assurances the information was being deleted, and issued a low-key press release only on Friday - late, so no one would notice.
It's a classic routine, and it's a classic because it works. You can almost hear the media team hoping for a presidential tweet as extra cover.
It didn't work.
We talk about the 24/7 news cycle and the impact of social media, but sometimes a dramatic example really drives the point home. When things go really bad, you can try to spin it or keep it quiet but you're taking a gamble.
It's far better to have come out in front of it, to have been a part of the media machine spinning up the big story rather than just being caught in the whirlwind.
3) The lasting damage isn't in the share price.
One of the sideline stories to come out of this incident is the announced departure of Facebook's Chief Information Security Officer, Alex Stamos.
Well-known and respected in the information security industry, Alex has long been regarded as "the adult in the room" when it comes to Facebook's privacy policies. His departure, and the likely difficulties Facebook will face in finding an equally respected replacement, spells out the damage this incident has caused for the company and its brand.
We all know the maxim "a company's most important assets are its people" - well, this incident has cost Facebook a valuable asset, and one whose loss will be felt long after the media frenzy has faded from memory.
The normal conversation after a big privacy incident is focused on the tools, the impacts and the threats. This one is different.
The conversation isn't about the methods or the event itself, but about the level of trust that consumers place in the technology companies that are core components of our daily life. It's about the influence that bad actors can wield without ever violating laws or regulations.
We should all be taking a hard look at how we treat our customers and their information, not just on the level of requirements, but on the level of earning and keeping their trust and goodwill.