What the Facebook Debacle Can Teach IT

As I write this, Facebook CEO and Founder Mark Zuckerberg is in Washington, getting ready to testify before a joint session of the Senate Judiciary and Commerce committees on April 10 and the House Free energy and Commerce Committee on April 11. The committees are investigating both the utilise of Facebook to interfere with the 2022 Presidential election, and the loss of 87 million Facebook profiles to Cambridge Analytica. But viewed through an Information technology professional person lens, Zuckerberg'south testimony likewise serve nicvely as a roadmap of what non to practice when it comes to protecting your data, especially once you know something's gone wrong.

IT Watch bug art You're at least somewhat familiar with Facebook'due south current debacle details if only because it'due south impossible to escape the 24-hour news bicycle in which Facebook plays a key function. Simply lost in that are lessons that IT managers can use to protect their own data, their companies, and themselves. After all, finding your data hijacked by strange information miners is bad enough, just having it come out that you lot behaved badly after finding that out is certainly career limiting.

Protect Your Information...And Your Anatomy

Unfortunately, taken by itself, Zuckerberg's testimony isn't enough. Partly that'south because information technology'south short on specifics, and partly because it's broadly self-serving. He is, after all, trying to save important portions of his beefcake that are very much on the chopping block. With that in mind, here are some basic ideas that you might desire to remember when dealing with your marketing and legal departments nigh public-facing digital assets.

Adopt this mantra: Personal information is critically of import. It doesn't matter if it'southward a back-end system, such as a marketing automation suite, or a front-cease customer-facing instrument like an email marketing campaign -- any data gathered must be protected using the same stringent guidelines. Information technology as well doesn't matter that your customers or your employees or your users have given yous permission to use it, you must protect information technology as if it's the well-nigh of import data in the world. As you're seeing, if it comes out the data is misused, someone will come afterward you lot. Most likely many someones, and they won't exist interested in mercy.

Don't pass the buck. That didn't work at Nuremburg and it won't piece of work hither. If you're directed to construct large gathering engines for consumer, partner, or other versions of strange data, care for the projection like yous're the one who'll be ultimately responsible. Because in many cases, you lot only might exist no matter whose proper noun is atop the email memos. That means questioning the procedure, imposing best practices when information technology comes to access command, and not only making sure in that location is an access audit trail, but actually following information technology on a regular basis. Like at least once a quarter.

If You See Something, Say Something

Privacy that goes beyond personal information is also important. You have no concern spying on your customers without legal necessity, so if you're asked to practise that by someone upstairs, brand certain to question it and, if necessary, object. And while most It professionals certainly know they'll need to manage infrastructure and facilities with an center out for illegal activeness or even just activeness that goes confronting in house-usage policies, so many don't realize information technology's their responsibility to disembalm this. Not maxim anything is the same as being complicit. Know what the legal limits on surveillance are, and make certain your visitor adhers to that.

Post-obit customers when yous no longer need to is besides a negative practice, and it'due south unfair to anyone with whom your organization interacts online. When Uber decided to keep its app turned on to find out where their customers went afterwards they were dropped off, it was a huge violation of trust, and it rightly generated an every bit huge outcry. In Uber's case the terms of use didn't mention this, simply like so many ways in which the visitor driveling its position, it did this following non because it needed to, only to satisfy the curiosity of its CEO at the fourth dimension. When you lot meet violations like this in the making, say something.

Things Never Accident Over

When things go bad, don't continue information technology a secret. If you've had a data breach, you'll likely face pressure, at least intiially, to continue information technology a secret. Exercise yourself a favor and indicate out as presently every bit possible that this isn't a adept idea. Witness the case of Panera Bread, who ignored its rather massive alienation and left data available for months. Instead, gear up information technology as quickly every bit possible, and know your local legal obligations when it comes notifying the government. If you're asked to violate those obligations, talk to your legal section. When it's time to let everyone know, no doubt marketing will step up, only if information technology's left to you be open and as presently as possible let everyone affected know what happened.

Humorous mobile cloud computing conceptual image

Don't look and hope the problem will accident over. Facebook'southward executives waited for years, even after they knew about Cambridge Analytica internally, and even afterwards the news bankrupt that 87 million profiles had been compromised. People sympathize that breaches happen, but they don't sympathise when you don't fix the trouble. And they'll come after your favorite body parts if they find out you knew about information technology and didn't do anything. A big reason Zuckerberg is going through so much hell now is because the crew in his leadership squad advised him to wait, hoping the problem would get better past itself. Universal truth: Information technology never gets better past itself.

Equally information technology happens, Facebook did some things right, but I'll bet you have no idea what they were. The reason? The problems they acquired subsumed all else. For the tape, what they did correct included kicking out the IRA and closing down Russian fake news pages; but in the end, nobody cares what Facebook did right because people tin only see their own pain, and that was caused by Facebook. Facebook'south handling of these problems is high on the list of all-time bad examples, but it didn't start and stop with the senior leadership squad. These issues came from systemic abuses that crossed multiple departments, including marketing, legal, and, yeah, IT and development, too. It looks like Marking is going to accept most of the heat, just that's just for at present. These problems could hands begin sliding down the executive food chain at Facebook, and if such abuses happen in your organization there's no telling where the repercussions may brainstorm or conclude. Do yourseslf and your organization a long-term favor and make sure you lot speak upwardly most data breaches and abuses earlier those problems come back and roost on your desk-bound.