Facebook's data breach investigation - what it means for the rest of us
Facebook could face up to $1.6b in fines over the latest in a series of data breaches by the social media giant. The Irish Data Protection Commission could launch a formal investigation into whether Facebook breached the General Data Protection Regulation (GDPR) in the European Union. Although fewer than 10% of affected users are located in the EU, the governing bodies are taking the stance that this breach could be the first true test of the data protection regulation launched early this year.
While the EU may choose to proceed with a light hand in this case, its ruling should signal to every company in the world how seriously they should take data privacy. Any company doing business in the EU or conducting business with any EU citizen should be scrutinizing and building a program around the acquisition, use, and disposal of their customer data. In Facebook’s case, the likely severity of punishment will be directly tied to the degree to which the EU feels that Facebook was forthcoming in its reporting of the breach, was proactive in anticipating potential breaches, and has been putting remediation measures in place to prevent future occurrences.
In the future, the response to data privacy breaches is not going to be limited to just the EU watchdogs. California has implemented its own regulations, and there is a groundswell around the US adopting federal rules more stringent than its current patchwork of regulations. Data privacy is fast becoming an area that every company should have represented in its strategic plan.
Clarity around this changing landscape is difficult to obtain, especially considering that regulators are feeling their way through an area that is relatively unfamiliar to them (evidenced perfectly by the ridiculous Zuckerberg Senate hearings). Companies need to be focused on understanding the expanding definition of personal information as well as how each of their business lines is getting, storing, and using its customers’ information. The age of consumer data protection is upon us and each of us needs to be involved.