Honesty is the best data-management policy

The controversy surrounding Facebook shows transparency is crucial when handling a data breach.

Following the Cambridge Analytica crisis, Facebook serves as a cautionary tale for all businesses when it comes to data management. The lesson to learn is not only about privacy and security; it is about honesty. Given the US$37 billion of market value that Facebook lost in a single day, it is clear that reputational damage and a loss of consumer trust are a huge financial risk.
 
Let’s face it: as malware threats increase and regulation tightens, it is in a company’s best interest to treat a data breach as an inevitability and prepare for it. A robust plan will include early disclosure and transparency about the failures of the systems in place. Facebook’s worst mistake wasn’t allowing a breach; it was keeping that breach silent for three years.
 
Facebook CEO, Mark Zuckerberg told the press: “This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it.”

The cornerstone of any crisis plan surrounding data is having a secure information management process in place from the outset. This means businesses must know where personally identifiable information is held and how it is protected, from the instant of customer consent until the moment it is securely deleted.
 
Helpfully, this is precisely what the EU demands of any organization holding a European citizen’s data. As Simon Allen, CRM IMS Business Development Manager, explains, GDPR would have helped Facebook to avoid the breach in the first place: “GDPR laws would have meant that Facebook knew exactly what data was being shared with other parties, and individuals should have been providing explicit consent for this at the point of signing up for whatever service they were getting. This alone would have made the story less damaging to Facebook.”
 
If a third party obtains personally identifiable information in spite of these safeguards, GDPR demands prompt notification of the supervisory authority and, where the breach poses a high risk to the people concerned, of those individuals as well. Simon adds, “GDPR will force organizations to have detailed plans in place to deal with breaches, both in terms of notifying affected individuals and the appropriate authorities. Facebook should count themselves lucky that this occurred before GDPR laws are in force; the fines, which can be 4 percent of global turnover, could have been massive for them.”
 
Strict compliance with GDPR will help companies avoid repeating Facebook’s mistakes. However, it is the public, not just the authorities, who will hold organizations to account for any failure to recognize the inherent value of personal data. Honesty and remorse in the face of a data breach are the best ways to show customers that you can still be trusted.
 
Crown Records Management can help you to get a handle on your data, streamline your information management processes and ensure GDPR compliance. Contact one of our experts for more information on how you could protect your company’s reputation.