Publishing experts tell us that, in retail loss prevention, cyber security and data protection are hot topics that we should cover regularly. Our experience tells a slightly different story. Historically, articles on these subjects have not typically “rung the bell” with our readers. OK, you say, “not a huge topic of interest for me.” But wait. You need to read this article.
Now it’s Facebook at the center of a huge and disturbing data breach crisis. What happened, and what are the ramifications?
It all began when it came to light recently that Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, had gained access to private information on more than 50 million Facebook users. The firm claims to offer tools to identify personalities of Americans and influence their behavior. Its clients have ranged from Mastercard to the New York Yankees to the Joint Chiefs of Staff.
According to the New York Times, the data collected from Facebook included details on users’ identities, friend networks and “likes.” Facebook has said that “no passwords” or sensitive information was taken.
Facebook is insisting that the Cambridge incident was not a data breach because the platform routinely allows researchers to access user data for academic purposes. Facebook users consent to this when they open an account. Instead, Facebook maintains that Cambridge crossed the line and broke the rules when they provided the information to a political consulting firm.
Cambridge Analytica originally denied that they had obtained or used Facebook data but changed their story a couple of weeks ago. They now claim they deleted the information two years ago when they realized they were in violation of Facebook’s rules. Facebook also said it had demanded and received certification that the data had been destroyed.
But now Facebook says it recently received reports that not all the data was deleted. The Federal Trade Commission is investigating whether Facebook violated a 2011 consent agreement to keep users’ data private. Some members of Congress have asked for a hearing on Facebook’s ties to Cambridge Analytica, and a British Parliament committee has asked Facebook founder and CEO Mark Zuckerberg to appear before them over the incident.
Rumors are circulating that hundreds of thousands of Facebook users are deleting their accounts, although Mark Zuckerberg says he has not seen a “meaningful number” of accounts being closed. To make matters worse, it has been revealed that a watchdog group warned Facebook in 2011 that relying on developers to follow information rules in some cases was not enough.
Regular readers of the LPM Insider know that we talk a lot about crisis management and crisis communication basics. Some of those fundamentals include:
- Have the most senior executive possible act as the company spokesperson—and quickly
- Immediately respond to major issues with candor and openness
- Show concern and empathy
- Closely monitor the developing situation on all forms of communication: social media, television and radio—and know what’s being said
So, how has Facebook handled this crisis, and how effective has their initial response been? Facebook has tried to stay out in front of the story and has issued multiple press releases in anticipation of increasingly negative news stories. Yet, initially, Mark Zuckerberg was completely silent. He even failed to show up at a highly publicized question-and-answer session for Facebook employees concerning the incident. Even Sheryl Sandberg, Facebook’s highly visible COO, remained silent. Their silence was a very serious strategic mistake.
Zuckerberg finally took to social media last Wednesday to update the Cambridge Analytica situation from the company’s perspective and say he was “really sorry” for the “major breach of trust.” Was it too little, too late?
Facebook and Zuckerberg missed a golden opportunity to immediately connect with its employees and users in a forthright and candid manner. That practice is a crisis management 101 basic. It’s amazing how many of the country’s most powerful and successful companies still miss those basics. Don’t let your organization be one of them.