Management of Information System
A. Given the scope of the breach, what should Facebook's leadership
prioritize in their crisis response plan? If you were in Mark
Zuckerberg’s position during the Cambridge Analytica crisis, what
would be your immediate and long-term decisions to manage
public relations, user trust, and regulatory compliance?
Facebook's leadership should prioritize communication and transparency in
their crisis response plan. This should also include an investigation to
identify any other vulnerabilities still lurking in the system.
In Mark Zuckerberg’s position during the Cambridge Analytica crisis, the
following decisions could be taken:
Immediate Actions –
1. Communication and transparency - Issue a public apology
acknowledging the breach and taking full responsibility for the
mishandling of user data. Provide clear and concise information
about what happened, how it happened, and what steps are being
taken to address the issue.
2. Internal Investigation - Immediately initiate a third-party audit to
determine the extent of the breach and identify any other
vulnerabilities in the system.
3. Accountability - Suspend or terminate employees or third-party
developers who were directly involved in the breach. This includes
taking legal action against Cambridge Analytica and Kogan.
4. Regulatory Compliance - Fully cooperate with regulatory bodies
like the FTC and other government agencies. Provide all necessary
documentation and data to assist in their investigations.
5. Immediate Policy Changes - Implement immediate changes to data
access policies, especially for third-party apps, to prevent similar
breaches in the future.
Long-term Actions –
1. Strengthening Data Privacy Measures - Simplify and enhance
privacy settings to give users more control over their data.
Establish a routine of regular third-party audits to ensure
compliance with data protection laws. Adopt industry-wide best
practices for data protection and privacy.
2. Diversify Revenue Streams - Consider diversifying revenue streams
to reduce reliance on advertising, which is a major source of
privacy concerns. A subscription model could be used in this regard,
removing ads for users who pay a premium.
3. Improving governance - Hire new independent directors with
expertise in data ethics to oversee privacy decisions of the
leadership team.
4. Rebuild user trust via campaigns about how their data is
used and how they can protect their privacy. Also, reports
listing data access requests from different agencies could be
published on a periodic basis.
B. What were the key events leading to Facebook’s privacy breach,
particularly in the Cambridge Analytica scandal? Explore the
timeline of events that resulted in the data being improperly
accessed.
Key events leading to Facebook’s privacy breach -
i. In 2007, Facebook opened its platform to third-party app developers
so they could offer games, quizzes, dating apps, etc. By subscribing
to third-party app services, users gave those apps permission to
collect and consume their personal data.
ii. In 2009, the default privacy settings allowed viewing of other users’
lists of friends, even if users had previously set their privacy to keep
these lists private. Moreover, under Facebook’s modified privacy policy,
a large category of personal information – including the users’
names, profile photos, friend lists, liked pages/events, gender,
geographic region, and networks – became public, regardless of
user preferences. The revised privacy policy also gave Facebook
the right to allow third-party app developers and advertisers to
extract personally identifiable information when a user clicked on
an advertisement or used a third-party app.
iii. In April 2013, Facebook announced that its new privacy program was
all-pervasive and incorporated users’ security in all aspects of its
service provision. Despite its efforts to protect users’ data,
Facebook retained one policy that rendered it vulnerable to
potential data abusers: allowing its vendors (i.e. third-party app
developers and advertisers) to collect data from users’ friends.
iv. By 2014, when Facebook changed this policy, Kogan had already
collected the data of users’ friends via his personality app.
Facebook reportedly learned about the data breach at least two
years prior to Wylie’s exposé and demanded that Kogan and
Cambridge Analytica delete the users’ data.
C. How did governments and regulatory bodies respond to
Facebook’s privacy breaches? Examine the role of regulatory
bodies like the FTC (Federal Trade Commission) and the
introduction of laws in the aftermath of the breach.
Response of government and regulatory bodies -
1. FTC -
In November 2011, the U.S. Federal Trade Commission (FTC)
announced that Facebook’s privacy practices were “unfair and
deceptive” and compromised users’ privacy rights. The FTC issued
an order requiring Facebook to seek users’ “affirmative express
consent” before overriding their privacy preferences. The order
further required Facebook to “establish and maintain a
comprehensive privacy program” and specified that the company
would be audited every two years for 20 years. Independent third-
party auditors were tasked with certifying that Facebook’s privacy
policy and practices “meet or exceed the requirements of the FTC
order, and ensure that the privacy of consumers’ information is
protected.” Non-compliance would result in penalties of up to
$41,484 per day, per offense.
On March 26, 2018, the FTC announced it would start a non-public
investigation to determine whether Facebook’s data handling
practices violated the terms of the 2011 consent decree. If so, the
penalty would be severe.
2. UK ICO - The UK Information Commissioner’s Office (ICO) fined Facebook
£500,000 for failing to comply with the UK Data Protection Act.
3. US Government - In hearings on April 10 and 11, lawmakers asked
almost 600 questions. Interrogators asked Zuckerberg for information
on Facebook’s data analytics and data protection. The overall theme
of the questions posed by Congress members revolved around Facebook’s
data monetization business model and the company’s political agendas.
Role of regulatory bodies like the FTC (Federal Trade Commission) –
a. Enforcement of, and ensuring compliance with, different laws,
including the 2011 consent order
b. Investigation into different practices of companies
c. Imposition of penalties and fines
The introduction of laws in the aftermath of the breach -
i. General Data Protection Regulation - GDPR came into effect in
May 2018 and imposed stricter data protection requirements on
companies operating in the EU. It was not a direct response to
Facebook's privacy breach.
ii. California Consumer Privacy Act - CCPA came into effect in
January 2020 and granted California residents new rights
regarding their personal data. This includes the right to know what
data is being collected and the right to request its deletion.