Breach Breakdown: Don’t Pull a Facebook
In late March 2018, the world wide web was shaken up by the news of a massive data breach that occurred three years earlier on Facebook, one of the largest and most widely populated social media platforms in existence. The data breach, perpetuated by UK-based political campaign-driven data collector Cambridge Analytica (CA), was initiated by a series of surveys conducted via Facebook by University of Cambridge researcher Alexandr Kogan. Covered up for three years by Facebook and CA executives alike, the breach was brought into the public sphere by New York Times and The Observer stories featuring whistleblower Christopher Wylie.
Broaching the Breach: What Happened
Alexandr Kogan, a psychological researcher at Cambridge, constructed a Facebook-based personality profiling app that collected public information from users who elected to take the survey. This extended to the gathering public data of the friends of users who took the survey (a data collection procedure banned by Facebook’s Terms and Conditions in 2015), plugging it into an algorithm that calculated their psychological profiles. These profiles were intended for Kogan’s private research and to satisfy the curiosity of the users who elected to have them constructed. However, they-and the Facebook profile data from which they were constructed-were sold by Kogan to Cambridge Analytica in 2015. CA, hired by both the Trump Presidential campaign and by pro-Brexit organizations, subsequently employed the information of nearly 50 million Facebook users in political campaign targeting, determining from users’ confidential psychological profileswhat information would be most effective in cultivating their support.
Since Christopher Wylie, co-founder and former employee of Cambridge Analytica, came forward with this account, journalists have uncovered that Facebook executives (including, of course, Mark Zuckerberg) were aware of this breach virtually from its occurrence, electing not to reveal its existence to users and making minimal preventative changes to the site’s Terms and Conditions.
Aside from standing at the center of the world’s most vitriolic data breach since Equifax, Mark Zuckerberg has lost billions of dollars of his personal fortune, in addition, to even more billions’ worth of money in Facebook’s rapid devaluation since news of the breach broke. The CEO, who released an apology five days after news initially broke, has agreed to testify before Congress regarding the scandal after multiple invitations. The exact future of Facebook is uncertain, but if its rocky present is any indication, it’s going to be a rocky road for Zuckerberg and his colleagues.
The Invisible “U” in “Data Breach”
In this day and age, the protection of data is increasingly precarious, and the fallout should that protection fail is capable of taking down even the most powerful platforms. Although your firm may not have 50 million users quite yet, the same reliance on data protection applies to the success of your business. Cybersecurity is no longer a luxury for legal professionals (or, really, anyone): it is a necessary precaution to take in light of the very real- and logistically devastating- existence of data theft. You wouldn’t drive a car without insurance; you shouldn’t operate your practice without taking care to ensure that the information your clients entrust you with is thoroughly protected. Even the most detail-oriented firm owners are human and, consequently, capable of oversight; it can’t hurt to double-check and make sure that you’re covering all of your bases– and then some.
The fallout from Facebook’s Cambridge Analytica data breach, although vicariously painful to watch, is a natural sequence of retribution for company owners who follow up oversights and sloppy policies with deception. Mark Zuckerberg will have to answer for his social network shortly; if we’re honest, the reckoning has already begun. However unpleasant, the Facebook data breach is a prime opportunity for business owners everywhere–particularly those handling sensitive client information–to take note and take the necessary measures to avoid similar fates. The massive corruption of the trust Facebook users placed in their formerly favorite platform is undeniable, and it is a privilege the network will have to work wonders to gain back (if that’s at all possible). By taking the greatest care to protect your clients’ sensitive and privileged information, you’ll avoid experiencing such an unfortunate (but warranted) downfall.