The tale of how Facebook exposed the data of 50 million users to a Cambridge Analytica researcher may shine a light on how business ethics and regulatory compliance issues are struggling to keep up with fast-moving technological advances.
It also shows that the more things change the more they stay the same when it comes to organizations that focus on commercial success without equal attention to governance and corporate responsibility, says Beth Haddock (www.bethhaddock.com), author of Triple Bottom-Line Compliance: How to Deliver Protection, Productivity and Impact.
“We often see gaps in business judgment when companies are managing a crisis of trust by its customers and the public at large,” says Haddock, who is also CEO of Warburton Advisers, a consulting firm that advises companies on compliance and ethical issues particularly when there’s a crisis.
The data breach happened a few years ago when 270,000 Facebook users took a personality quiz through an app that, without their knowledge, allowed the quiz maker to take their private information. The app maker was then able to access the data of those people’s Facebook friends, and provided the information to Cambridge Analytica, a data-analysis firm.
Now regulators in both the United Kingdom and the U.S. are asking for information about what Facebook knew and how it reacted after discovering the breach.
The case does indeed raise questions – and lessons for other businesses, Haddock says. Such as:
- Self-interest over obligation to consumers. Companies should not ignore their responsibilities to customers, Haddock says, but there’s an indication in this case that greater emphasis was placed on self-interest. For example, Facebook used a newspaper advertisement to try to mitigate the company’s legal liabilities, but didn’t address corporate responsibility. Facebook founder Mark Zuckerberg posted a timeline of events, but didn’t mention a 2011 settlement with the Federal Trade Commission that involved deceiving users about privacy protections. Finally, Facebook’s Code of Conduct says employees must represent the “best interests of the company,” but makes no mention of corporate responsibility to customers. “That’s an interesting foundation for a culture of 10,000 employees with access to powerful personal information,” Haddock says. “Imagine a Wall Street firm or a doctor whose code of conduct is solely self-interested, and what’s best for the investor or the patient isn’t considered.” Haddock says this arguably is an example of “fudge-factor thinking,” where people find ways to justify in their own minds questionable ethical decisions, and it’s something businesses need to be wary of.
- Compliance and governance. Haddock says it will be interesting to watch how Facebook’s compliance and governance program withstands scrutiny, especially against public statements that shareholders relied upon to invest in this public company. “This is a good reminder to other companies,” she says. “Assess whether your governance is built on a foundation of fudge-factor thinking. If it is, make changes before there is a foreseeable surprise that results from poor business judgment.”
- The data breach itself. This may serve as a cautionary tale for other American companies because regulatory agencies both at home and abroad could come down on them hard if they aren’t vigilant about protecting user data. Innovation is prized in the U.S. But when it comes to breaches of trust and information, Haddock says, caveat emptor may be a faulty premise for U.S. technology companies going forward.
“It’s important for management to ensure that the ethical values of an organization are not only consistently implemented,” Haddock says, “but are also integrated at every level of the business and reinforced by employee education.”
About Beth Haddock
Beth Haddock (www.bethhaddock.com), CEO and founder of Warburton Advisers, is the author of Triple Bottom-Line Compliance: How to Deliver Protection, Productivity and Impact. She has more than 20 years of experience as a compliance and business executive. Her consulting firm provides sustainable governance and compliance solutions to leading international corporations, technology companies, and non-profits.