5 Takeaways for Entrepreneurs From Facebook's User Privacy Mistakes One of the world's largest, richest and most successful companies has botched customer trust and crisis communications.
By Manish Dudharejia Edited by Dan Bova
Opinions expressed by Entrepreneur contributors are their own.
Big data analytics is one of the most groundbreaking concepts to develop since the change of the millennium. Number-backed insights are more than just a pathway to business success; they are now an absolute necessity. Some experts even compare its value to that of gold or oil. Being as how the entire concept is still relatively new, much of what happens today in this arena is comparable to the Wild West.
Facebook is under fire for its failure to keep user data safe. In mid-March of 2018, the story surfaced that more than 50 million Facebook users' profiles (since updated to 87 million) were harvested by London-based political analytics provider Cambridge Analytica for a propaganda operation. What happened was a company called Global Science Research (GSR) released a personality quiz app on Facebook. This was used by approximately 270,000 people, all of whom had agreed to share their information. The catch was that the app collected the information of all of those people's friends, totaling 87 million+ users. GSR then proceeded to hand all that user information to Cambridge Analytica. The controversy began when it came out that the "friends" of the quiz app users had no idea that their personal information was being shared.
The story shed light on several of Facebook's major shortcomings, not least of which included shoddy privacy policies and lack of user transparency. The issue of data safety has been extremely prevalent throughout the past few years. According to the Cybersecurity Ventures, crimes of this nature are expected to cause damages reaching $6 trillion annually by 2021.
In regards to Facebook, mistakes at such a high level cannot be ignored. Here are five crucial lessons entrepreneurs can take away from this story.
1. Timeliness is everything.
Perhaps the biggest blunder of the entire Facebook debacle happened before Mark Zuckerberg even said a word. Once the uproar began, it took Zuckerberg five days to make a statement on the matter. With a story of that magnitude, the last thing the nearly two billion users want to hear is crickets.
The news cycle these days never stops and moves seemingly at light speed. Response time is an extremely delicate aspect of PR that must be handled with the upmost precision. On one hand, waiting too long lets the story get out of control -- news outlets, influencers and users will be making their own assumptions. On the other hand, if you respond too swiftly you risk speaking before you have all the facts in order. In this scenario, you may have to do some backtracking and/or end up contradicting your previous statement, risking further damage to your reputation.
As the face of the brand, you need to control the story, because otherwise the story will control you. While you want to respond as quickly as possible, the response needs to be well thought out and worded appropriately. Regardless of the scenario, five days is way too long.
In the face of any PR crisis, the key is to be prepared. Set up a protocol that you and your communications team will follow if (or when) disaster strikes.
Related: Mark Zuckerberg Has Been Doing Extensive Prep for His Congressional Hearing. Here's What to Expect.
2. Disclose what user data you have.
There is no hiding from the fact that customer data is a key component for business success. This can be used to understand customers on a personal level, how they consume content online, what their interests are, and most importantly, how to market your brand to them. However, there will always be a certain degree of tension between transparency and maximizing profits. As an entrepreneur, it can be tempting to choose the latter. However, a single slip-up can completely ruin the brand trust and credibility you have worked so hard to build.
In the case of the Facebook story, the ripple effect is likely going to have a bigger influence on the brand in the long run. As soon as the story broke, Facebook's user privacy practices were placed under a microscope. It later came to light that Facebook collects call and text logs from Android users. Even though the social media giant claims to have had consent, many people across the world were shocked by the sheer amount of personal information the site has on every user. As a result, Facebook is working to make it easier for users to see exactly what data they possess.
In the name of consumer trust, businesses are wise to be up front and open about the user data they harvest, as opposed to burying this information in fine print. At your data collection points, whether you are looking to acquire email addresses, phone numbers, payment information, social media logins or any other sensitive data, let the users know exactly what information they are giving your business and have them agree to it.
Furthermore, this is where you want to showcase your commitment to data security. Let them know that you will be encrypting every single bit of information they provide. Be open about the cybersecurity plan you have in place. For this purpose, you might consider hiring a data security expert to handle this.
3. Let people opt out.
One of the major aspects of the Facebook story is that people were unaware that their personal data was being used for political influence – something that is definitely not sitting right with the vast majority.
Generally speaking, from both a business and a consumer perspective, data collection for the sake of targeted ads and more personalized service is a good thing. According to Salesforce's State of the Connected Customer Report, the majority of millennials and Generation X consumers are willing to share their data for things like personalized offers, online shopping experiences and product recommendations. However, in the wake of the Facebook story, businesses should work to give the users more knowledge and control over the information they collect. Moreover, they need to make it a point that the user can opt out at any time.
In California, there is a proposed ballot measure called the California Consumer Privacy Act of 2018. This would require companies to disclose the personal information they collect, buy or share, as well as allow consumers to opt out of those practices. It would also prevent businesses from charging higher prices to those who make the choice to opt out. Lastly, this act would grant power to both residents and prosecutors to file civil lawsuits after a data breach.
In the "Age of the Customer," businesses need to give the power to the users and let them decide if they want to partake in the collection and trade of their personal data.
Related: Mark Zuckerberg Doesn't Seem Very Sorry or Very Forgiven
4. Be extra wary of data buyers.
Monetizing customer data is nothing new. Even though selling data to a third party can be a fantastic revenue stream, if you aren't careful, it could end up alienating your customer base. For this reason, businesses should not sell their valuable data to just anyone.
Unfortunately, there are a lot of shady data buyers and brokers out there. One of the major takeaways from the Cambridge Analytica scandal is that unauthorized data usage can lead to all kinds of abuse. That said, if businesses have the intention of selling customer data, they need to do thorough research on the buyers and brokers they choose to work with.
On the surface level, businesses can use their best judgment to determine whether the data they sell is inherently subject to abuse. For example, if the buyer has political or religious motivations, selling your data to them might damage trust with a good portion of your customer base.
There needs to be a clear agenda laid out for how third-party buyers plan to use customer data, as well as a checks-and-balances system to ensure they follow those plans. For businesses looking to sell their data, this process involves using seed records that give them the ability to monitor how their lists are being used, and to identify if the terms and agreements are being violated by the third party.
Related: Facebook's Brand Is Becoming the Uber of Social Media, and That's Not a Good Thing
5. Keep users in the loop.
In the past, Facebook has been less than clear-cut when it comes to keeping their customers informed about data management. In their response to the Cambridge Analytica story, they promised that all users would be notified of any misuse related to their personal data, both past and present.
Going back to the theme of data transparency, businesses need to make it easy for the average user to understand how their data is being handled. This includes notifying them of any hacks or breaches, contractual violations, which third parties have access to their data, ect. The issue with Facebook's privacy policies is that the user information they collect is buried and scattered across a number of pages, which is not ideal for most users. Currently, they are working to make several cosmetic changes to show users exactly how much of their data they collect and use.
Customers hate being lied to or left in the dark – which is another huge takeaway from this whole debacle. Businesses and entrepreneurs can learn from this and make sure their policies are not only easy to access, but spell everything out to customers in a way they can understand without ambiguity.
As it appears, it seems like this Facebook–Cambridge Analytica story is going to be the small stones that start an avalanche changing the way businesses approach their usage of customer data.
If you are running a business or are planning to start one, data management needs to be a top concern moving forward. People buy from companies they trust. Any misstep in handling their sensitive information can damage your reputation in a very irreversible way.