Data, Data Everywhere: Who Secures It and How It Is Used Is Now a Question of Brand and Organizational Survival
March 20, 2018 | By Melanie Dougherty |
How the loss and misuse of consumer data has led to the tarnishing, if not demise of once trusted brands like Facebook & Mossack Fonesca
The previous week has brought troubling news of a few scandalous corporate events swirling around the use and loss of consumer data. The events have ignited the ever-present debate about data control and privacy and the impact of a loss of data on corporate brand identity and reputation.
My interest about the afore mentioned issues was piqued by the Panama Papers data breach, which is classified as the world’s largest data breach with 11.5 million files exfiltrated from the fourth largest offshore law firm, Mossack Fonesca, which recently ceased operations due to the scandal. The following day, a very compelling article ran in the Guardian newspaper, “The Cambridge Analytical Files: ‘I made Steve Bannon’s psychological warfare tool’: meet the data war whistleblower”, (www.theguardian.com/news/2018/mar/17/data-war-whistleblower-christopher-wylie-faceook-nix-bannon-trump), detailing the chain of events and intricate web of connections that some believe has not only exposed the personal data and habits of 230 million unwitting American Facebook users, but manipulated that data to influence both the 2016 U.S. Presidential election, and the outcome of Brexit. Both are stunning events that have tarnished the brands and names of not just those individuals directly involved, but the organizations and brands they represent.
These developments lead one to ponder the larger question of data control and privacy: who ultimately owns the data we offer about ourselves, our relationships and habits, and who is responsible for the use and security of such data.
Data privacy is a topic those of us in the data, cyber security, legal, compliance, regulatory and brand communications fields grapple with every day. We regularly debate data ownership, security and use in our blogs, white papers, LinkedIn postings, on social media and at industry conferences. It is a debate further heightened with the impeding EU GDPR regulatory deadline of May 25, as our friends across the Atlantic, as well as global multinational companies, prepare for heightened security, broader data privacy guidelines and substantial penalties for the misuse of consumer data.
So, who owns our data and who is ultimately responsible for its safe keeping? One might argue, the individual is the owner of said data and has the ultimate right to its use, while the aggregator of our data is solely responsible for its protection, gaining informed consent of its use, and the monitoring of its use by third party vendors. The Facebook/Cambridge Analytical incident takes this question further, however. When a consultant, or contractor, has obtained consumer data for use in marketing or research, what are the extent of the responsibility to protect and properly utilize that data? Certainly, its use is well defined in the contract with the originating organization, as one would assume was the case with Facebook and Cambridge Analytical, but how is potential use or misuse monitored? What safeguards are in place to ensure that data is safe and not being exploited, as some assert is the case with Cambridge Analytical? The Guardian article and the man at the focal point of this crisis, Christopher Wylie, assert that those who have been accused of misusing consumers Facebook data (including Mr. Wylie himself), knowingly and strategically took advantage of the trust given to them by Facebook. However, when Facebook learned of the ultimate use of their members’ data in what Mr. Wylie and the article’s author, Carole Cadwalladr, call information operations, PsyOpps, or as Special Counsel Robert Mueller has called it “an information warfare” campaign to manipulate the outcomes of historic elections, the company simply sent a letter to Cambridge Analytical, but never followed up on that letter or asked for substantive proof the campaign of misuse had stopped. So, who is to blame? I would argue all are to blame; Facebook, Cambridge Analytical and the political operatives who allegedly orchestrated and paid for the PsyOpps campaign. Maybe consumers are to blame, too, as we freely and all too often absentmindedly offer up our most personal information for a “like” or “share”.
It’s time to not only continue the robust debate about data privacy, but thoughtfully consider our own activity on social media, as citizen consumers, employees and corporations. In the Cambridge Analytical and Facebook case, calls to testify before Congress have been made, lawsuits filed, hashtag campaigns commenced, and brands have been tarnished. But, in the case of the Panama Papers, the once revered law firm of Mossack Fonesca has closed its doors, proving some crises cannot be overcome.