Things aren’t looking too great for Facebook this week, or this year, really. Another lapse in security has been discovered, and it’s a big one. On the bright side, a new study shows that higher-ups are starting to get serious about privacy. Read on for this week’s data privacy recap.
Another 540 Million Facebook Users’ Data Has Been Exposed
On Wednesday, researchers from the cybersecurity firm UpGuard shared a new damaging revelation. They discovered two massive troves of exposed Facebook user data that had been posted on Amazon cloud servers. Among the exposed data were users’ passwords, names, comments, and likes. All in all, more than 540 million user records were left sitting out in the open. The two troves of data can be traced back to two app developers: Cultura Colectiva, and an app called “At the Pool.” The former is a Mexican company, and the latter is an app that’s been defunct since 2014.
Although Amazon and UpGuard reportedly contacted Cultura Colectiva in January, the data wasn’t taken down until this past Wednesday. This lack of action by Facebook is indicative of their failures over the past few years in general. The numbers of people affected by each of Facebook’s privacy blunders are now unbelievably large. First it was 87 million, then another 30 million, and now another 540 million. The truly unfortunate takeaway from all of this is that there’s not much that can be done for these victims. Once that data has been exposed, there’s no getting it back. And that data could be used now, or 5 years from now, to wreak havoc in a multitude of ways.
New study shows broad support for federal privacy legislation
So with breaches becoming ever more prevalent, many companies and advocates are looking for stricter legislation as a solution. In fact, a new study from Integris software indicates that four in five of corporate America’s top technology officials support a federal privacy law despite compliance concerns. The 2019 Data Privacy Maturity, as it’s called, analyzed responses from 258 mid to senior executives in IT, management and risk and compliance shops from U.S. companies with at least 500 people. Interestingly enough, only four in ten respondents believed they’d be able to comply with strict legislation with the European Union’s General Data Protection Regulation. So the consensus seems to be that tech leaders want stricter data privacy even if they’re not fully ready for it.
Despite the proliferation of high-profile data breaches and investigations, the survey indicates suggests that a majority of companies are still not operating as safely as they should. 45% of respondents said they had to access more than 50 data sources to fully assess private data. Less than half of respondents said they take an inventory of personal data more than once per year. On the bright side, though, a growing minority, or about 40%, said they were “very confident” or “extremely confident” they could know exactly where their sensitive data lies. And things do seem to be moving in the right direction. More than 80% of respondents reported securing data privacy management funding. PLus, 88% of respondents said they are increasing their data privacy management budgets over 2019.
FTC publicly asks for more data privacy funding
Unfortunately, while many organizations are securing more data privacy funding, the Federal Trade Commission opened up this week about their current lack of manpower. The FTC on Wednesday told Congress that it only has 40 full-time employees dedicated to overseeing internet privacy and data security. The number seems shockingly low considering the wealth of security concerns currently on the table. They followed up this admission with an open plea for lawmakers to give them resources to adequately police tech companies. This is not a partisan issue, believe it or not. FTC Chairman Joseph Simons is leading the charge, and he’s a Republican appointed by President Trump. In an open letter to House leaders this month, he emphasized just how far the US lags when it comes to data policing.
“For example, the U.K. Information Commissioner’s office has about 500 employees, and the Irish Data Protection Commissioner has about 110 employees,” Simons wrote. “Although these entities have somewhat different mandates, the contrast is stark.” This letter came as a response to a previous letter which was sent out by Reps. Frank Pallone Jr. (D-N.J.) and Jan Schakowsky (D-Ill.). Concerned over the aforementioned proliferation of security concerns, they frankly asked the agency if they needed more resources to be able to effectively hold companies accountable for abusing or mishandling consumers’ data. According to the FTC, an additional $50 million would allow the agency to hire 160 new staffers.
New study further challenges Facebook ad practices
Although we reported in late March that Facebook had taken further steps to avoid discriminatory ad practices, a new batch of research shows that there’s still work to be done. The report was a joint effort conducted by Northeastern University, the University of Southern California and digital rights nonprofit Upturn. The report suggests that despite a series of changes, Facebook is still engaging in forms of ad-targeting discrimination. Back in 2016, Facebook shut down a targeting feature that had previously allowed advertisers to exclude users whose behavior on the site supposedly linked them to particular racial and ethnic groups.Then, in August 2018, Facebook killed 5,000 ad-targeting options in what it said was a bid to combat discriminatory and abusive practices.
Finally, last month, the company axed age, gender and ZIP code-related targeting in as they pertained to housing and employment ads. That push came as the result of a settlement on five discrimination lawsuits filed by the National Fair Housing Alliance, the Communications Workers of America and other advocacy groups. The new study shows that Facebook’s automatic ad targeting systems can still engage in forms of discriminatory ad practices around race and gender, per a new study reported by Adweek. Researchers deliberately controlled for different aspects of the campaigns, and Facebook still delivered the ads to different audiences. And in one example, the study saw ad delivery discriminate in regards to race. While this revelation feels like another setback, it’s important to include that Facebook openly said in a statement that it’s considering enacting more changes in response to the findings.
What do you think was the most important data story of the week? Leave
us a comment below.
Stay in-the-know with the top data news brought to you by BIGtoken at the start of every week.