A lesson for us all – Cambridge Analytica


The Cambridge Analytica fallout has been impressive, although Mark Zuckerberg may see things differently, with $57 billion wiped from the value of Facebook less than a week after the story of third-party usage of Facebook data broke.

The ramifications of this are wide, both on a personal level and also potentially on a national political level – but for businesses it is a wake-up call as to the implications of data, GDPR, and not only how YOU process your customer data but also WHO ELSE has access to it, and how much you know about what they do with it.

As part of GDPR, you are potentially liable for a breach of your customer data, even if this is via a third party.

Facebook have claimed that there was no data breach from them, but that the usage of their data by Cambridge Analytica was in breach of their agreement with a third-party app developer – but let’s remind ourselves again about the $57 billion wiped off Facebook’s share value in less than a week. It seems that simply accepting third-party assurances of what they are doing with your data may not be enough.

What this means to you

Transparency is the key – Facebook apparently knew about this years ago and whilst they may have closed the loophole to stop it from continuing, they didn’t tell affected users (which after GDPR could be a very costly mistake) and didn’t bother to check whether the third parties involved had deleted the data as agreed.

It may be difficult for your average small business to check the data compliance of all third parties with access to your data, but you still need to know who they are, what data they have access to, and at the very least document any agreements that you have in place. For sensitive data you may need to verify their compliance, or seek independent verification. If you are working with third parties who can’t provide you with sufficient assurances, you may need to consider finding alternative suppliers.

After ensuring you have done as much as you realistically can be expected to, be prepared to be up front and tell anyone affected by a breach as soon as possible.

Ultimately the legalities of the Facebook/Cambridge Analytica fallout may take months to sort out, but regardless of the technicalities, their customers and shareholders have already given their judgement – trust takes a lifetime to earn, seconds to break, and forever to repair.