Lessons From Facebook’s Data Privacy Stumbles
Meta (the parent company of Facebook and Instagram) is in the news, currently appealing a €390m ($413m) fine issued by the Irish Data Protection Commission for its choice of legal basis for processing personal information. But Facebook data privacy concerns are not new: The writing has been on the wall for Meta’s data handling for quite some time. In a Forbes article, our Co-founder and Chief Evangelist Stephen Cavey noted that:
With big tech continuously in the spotlight for data misuse — such as Facebook’s Cambridge Analytica scandal — individuals are becoming more aware of how their data is being collected and how it’s being used. As a result, many are starting to question who they share their personal data with and the types of businesses and platforms they subscribe to. The public scrutiny from major data breaches and increasing awareness of the potential to misuse an individual’s personal information provides an opportune time for consumer-facing platforms to capitalize on an opportunity to differentiate themselves from existing industry players.
In unsealed testimony from Facebook’s March 2022 hearings on the Cambridge Analytica scandal, Facebook engineers dropped a bombshell that stoked long-standing fears around Facebook’s data privacy and safety practices. They claimed it would be impossible for the company to determine or produce the full extent of data it stores for any given user or know where the data is within its systems.
Facebook Data Privacy Struggles Highlight the Challenge of Data Handling
While data privacy and visibility concerns at Facebook and parent company Meta are in the spotlight, it’s equally important to highlight data handling as a challenge across all industry sectors. Companies must continually manage the security risks caused by the increased sprawl of sensitive data across their systems. Employees handle sensitive or personal information in varying forms daily. The challenge for organizations is locating and verifying the security of this data, which is saved across local folders on workstations and laptops, in hidden, temporary and private folders, and in cloud storage environments, and is routinely shared via email and messenger apps.
This data could be hiding virtually anywhere. The number of possible hiding places grows as organizations and their partners lean into hybrid work as a new long-term operating model. Companies must now consider managing data in an era where devices, storage and employee communication occur both on- and off-premises.
Data discovery can play a key role by allowing businesses to fully map out the confidential data and personally identifiable information (PII) they’ve stored, labeling all data by type and its associated regulations. By detecting these various data patterns, organizations can then make evidence-based decisions to drive strategies relating to consumer privacy and ensure data is being held responsibly.
A Proactive Approach to Data Storage
CISOs must embrace the assumption that a data breach will likely occur during their time serving the company. They must think about when and how it will happen, not just whether it will, so they can plan proactively to ensure an effective response.
If Facebook cannot account for its customers’ data, this failure undercuts any of the company’s efforts to promote data privacy. After all, without a holistic view of all data stored about individuals, setting standards and policies for data privacy and consumer trust is futile.
The Facebook engineers’ testimony should serve as a wake-up call for any organization to be able to account for where its data is stored and why. As data continues to increase in volume and proliferate across physical and virtual environments, organizations must ensure they have the capability to thoroughly inspect all local and remote data repositories to confirm what personal and sensitive data they store.
Data discovery provides CIOs, CISOs and other data management roles with a comprehensive scan of their entire digital ecosystem, no matter where data is located. With a deeper understanding of where data lives, how it is being secured and who has access to it, IT and security professionals can work together to remediate and protect data and ultimately eliminate this unnecessary risk.
Enterprise Recon by Ground Labs significantly reduces the time required to identify more than 300 data types, including predefined and variant forms that include sensitive, personal and confidential data from more than 50 countries. This capability empowers organizations to find, track, categorize and remediate all critical and sensitive data across their systems. Using Enterprise Recon, an organization can solidify its data privacy and compliance strategy with clear visibility of its privacy-related personal data and where it resides, enabling it to apply appropriate controls to ensure its security.
Book a demo with Ground Labs to enhance your response, become more resilient after a breach and ensure data privacy.