The tale of how Facebook exposed the data of millions of users to a Cambridge Analytica researcher may shine a light on how business ethics and regulatory compliance issues are struggling to keep up with fast-moving technological advances.
It also shows that the more things change the more they stay the same when it comes to organizations that focus on commercial success without equal attention to governance and corporate responsibility.
The data breach happened a few years ago when 270,000 Facebook users took a personality quiz through an app that, without their knowledge, allowed the quiz maker to take their private information.
The app maker was then able to access the data of those people’s Facebook friends, and provided the information to Cambridge Analytica, a data-analysis firm.
When the breach was revealed, regulators in both the United Kingdom and the U.S. began asking for information about what Facebook knew and how it reacted after discovering the breach. Facebook CEO Mark Zuckerberg was even brought before Congress for questioning.
The case does indeed raise questions, and offers lessons for other businesses, such as:
Self-interest over obligation to consumers. Companies should not ignore their responsibilities to customers, but there’s an indication in this case that greater emphasis was placed on self-interest. For example, Facebook used a newspaper advertisement to try to mitigate the company’s legal liabilities, but didn’t address corporate responsibility. Zuckerberg posted a timeline of events, but didn’t mention a 2011 settlement with the Federal Trade Commission that involved deceiving users about privacy protections. Finally, Facebook’s Code of Conduct says employees must represent the “best interests of the company,” but makes no mention of corporate responsibility to customers. That’s an interesting foundation for a culture of 10,000 employees with access to powerful personal information. Imagine a Wall Street firm or a doctor whose code of conduct is solely self-interested, and what’s best for the investor or the patient isn’t considered. This arguably is an example of “fudge-factor thinking,” where people find ways to justify in their own minds questionable ethical decisions, and it’s something businesses need to be wary of.
Compliance and governance. It will be interesting to watch how Facebook’s compliance and governance program withstands scrutiny, especially against public statements that shareholders relied upon to invest in this public company. This is a good reminder to other companies. Assess whether your governance is built on a foundation of fudge-factor thinking. If it is, make changes before there is a foreseeable surprise that results from poor business judgment.
The data breach itself. This may serve as a cautionary tale for other American companies because regulatory agencies both at home and abroad could come down on them hard if they aren’t vigilant about protecting user data. Innovation is prized in the U.S. But when it comes to breaches of trust and information, caveat emptor may be a faulty premise for U.S. technology companies going forward.
It’s important for management to ensure that the ethical values of an organization are not only consistently implemented, but are also integrated at every level of the business and reinforced by employee education.
Beth Haddock, CEO and founder of Warburton Advisers, is the author of Triple Bottom-Line Compliance: How to Deliver Protection, Productivity and Impact. She has more than 20 years of experience as a compliance and business executive. Her consulting firm provides sustainable governance and compliance solutions to leading international corporations, technology companies, and non-profits.
© 2022 Newsmax Finance. All rights reserved.