Office Document Strategies Blog

Control The Data You Collect Or Face The Peril Of Problems

Posted by Lee Kirkby on Wed, Apr 18, 2018 @ 07:04 AM

Facebook has lost $100B in value — and its money problems...

Facebook's value drops $40B as stock tumbles over data scandal

Facebook value drops by $37bn amid privacy backlash - BBC News

These headlines show the escalating impact of the knowledge of the loss of data from Facebook over just a few days. Privacy and data security

While most businesses are not faced with the magnitude of these numbers when it comes to handling the information that they hold in their various data bases the revelations associated with this big story have lessons for every organization which holds data on customers, suppliers, employees and others within their systems.

Privacy Commissioner's Facebook investigation expands to include AggregateIQ

The Canadian government is also in the game, looking at the implications of what happened in the Facebook situation and what it might mean for Canadians and Canadian businesses which could be part of the data.

Anyone who watched parts or all of the Senate Committee testimony by Facebook CEO Mark Zuckerberg will have been impressed by how he was polite, forth right and direct in his answers.  Of course there were times when he had to say he did not have all of the information to answer a question or to offer a solution to a problem identified but the overall impression was that he tried to be direct and take responsibility for what in the end was a big oversight on his part. 

Why do I say an oversight.  In pursuing its stated mission to provide a platform for people to share their information freely and then using that information to target advertisers interests to the people who provided that information, he forgot that there could be players out there who would try to capture the under lying data and use it for their purposes.  The basic Facebook approach and their philosophy of delivery over the years did not anticipate this but it happened.  The net result is that Facebook has taken a real back lash both financially and in public perception.

There have been calls for people to drop their Facebook profiles including from prominent business people because it was seen that protection of privacy was not given the weight it needed.  Legislative push back is coming in many jurisdictions and it means that Facebook will need to change its approach to its customers' information.

What lessons can be learned?

The first lesson is that all businesses which hold data that has not be generated internally by their own research or actions must think seriously about how they secure the information they hold.

A second consideration is whether there is data which has been collected which no longer has any purpose within the organization and which therefore might be suited for deletion.  Of course you must be careful to hold any information which is required due to government regulations or other requirements.  The default however is not to keep any information which you are not required to keep or which has no further internal benefit or purpose.  Purging to reduce your need to protect is a valued strategy which needs to be developed.

This kind of retention plan is a critical part of a document and information management process and should be considered in a formal manner by all businesses.  Once the statutory retention period, a client focused contractual period or long term business relationship (like an agency agreement or some other contract) expires then a retention plan should define how long before full deletion is mandatory.  This makes the deletion the default position not the exception and provides a much reduced risk and easier maintenance approach.

While most businesses do not operate a program like those of Facebook or other high data collection operations every business has components of their operations which can bring data security risks.

Part of every business's strategic plan should include evaluation of the potential of data risk and what to do about it.

Lee K 

DocUcapture - Canadian based Document file storage

Office Document Strategies blog signup

Topics: data security, paper filing, Canadian IT, it security