If you live in the United States, you can’t turn on the news without seeing at least one story about how Facebook ads influenced the 2016 election.
The U.S. isn’t alone in its concerns about how the social media giant affects national and local politics. Countries including France, Canada, and India have threatened tighter regulations or outright bans on the company—especially during election cycles—if it doesn’t create and enforce better information-sharing policies.
Until recently, most of Facebook’s negative attention has stemmed from the ease with which bad actors and unwitting users can disseminate false information on the platform.
However, after news broke that organizations like Cambridge Analytica—a voter-profiling company—were able to use the platform to harvest user data from 87 million profiles to influence their political choices (resulting in legal action), the company is facing increased scrutiny.
While you might be paying attention to this story as a media consumer because of its salaciousness, you should also be paying attention as a small business owner because of the lessons you can learn from it.
Consumer data protection can be difficult to navigate, especially if you don’t know the ins and outs of proper data governance, storage, or regulations. Protecting customer data, however, is the responsibility of every business.
Below, I’ll summarize how Facebook went wrong with its user data and lay out three lessons your small business can learn from their mistakes.
What happened at Facebook?
There’s a lot of stories about this scandal out there, and you don’t have time to read them all. Let’s break this situation down into its simplest parts:
- Facebook has a lot of user information stored on its platform.
- Users put a lot of that information onto Facebook’s site willingly.
- At this point, Facebook is 14 years old, and most of its one billion+ users are aware that advertisers have access to at least the basic information contained in their profiles.
- Historically, however, how much access users grant to information contained within their profiles—especially to third party apps—hasn’t always been transparent. In some cases, it has even been intentionally confusing.
- When Facebook found out that Cambridge Analytica misused user data in violation of Facebook’s policies, the company wasn’t up front with users about how widespread the abuse was. The company also failed to ensure (beyond receipt of a legal document) that Cambridge Analytica had deleted the user data it gathered after being ordered to do so.
While Facebook took steps to curb consumer data abuse in 2014 and is now attempting to make amends for the damage done by Cambridge Analytica, the social media company has made missteps along the way.
While it was Cambridge Analytica that violated Facebook’s policies, it’s clear that Facebook wasn’t prepared for what can, and should, happen when a third-party organization breaks the rules.
At this point, you’re probably wondering what the mistakes of a global, social media titan have to do with small businesses. Let’s take a look at three steps your small business can take to avoid misusing customer data.
Three lessons small businesses can learn from Facebook’s data misuse
As a small business, your day-to-day operations vastly differ from Facebook’s. But there’s still a lot you can take away from how Facebook (poorly) handled its users’ data.
1. Be transparent with your customers about their data
While you’re not collecting nearly as much information about your customers as Facebook collects about its users, you should still be transparent about your data usage policies.
Always be able to answer the following questions about your customers’ data:
- What data are you collecting from customers?
- How are you using that data?
- How are you storing that data?
- What are you doing to proactively protect that data from misuse?
- What’s the plan if something goes wrong with that data?
Asking and answering these questions internally with your employees helps ensure that everyone who handles sensitive data knows that your company has a policy, and what that policy actually is.
Once you’ve answered these questions, share most—if not all—of those answers with your customers. I’m not suggesting sending an email blast to your client list, but rather adding a page to your website where customers can easily access your data and privacy policies.
Will most of your customers access this information? Probably not.
Does it bode well for your company’s reputation for service and transparency to post it on your site? Definitely.
2. Get used to (and ready for) audits
I know the internet hasn’t been the Digital Wild West for quite some time, but there might be a new sheriff in town after this data misuse scandal dies down, given its global reach and influence on national affairs.
The European Union has already provided an example of multinational crackdowns on data usage with the GDPR (General Data Protection Regulation), which will go into effect in May 2018.
Facebook execs themselves seem to welcome regulation regarding user data. In an interview with CNN, Mark Zuckerberg said:
I actually am not sure we shouldn’t be regulated. I think in general technology is an increasingly important trend in the world and I actually think the question is more, what is the right regulation rather than “Yes or no, should it be regulated?”
Whatever the “right regulation” ends up being, expect more rules around what you can and can’t do with customer data, and anticipate increased audits once those regulations are hammered out.
If you follow through on lesson one, the good news is that you’re already working through the ethics of your data policies. If and when new regulations arrive, you can simply tweak your policies and data collection, storage, and protection methods to comply with any new rules.
The second bit of good news? You can conduct your very own internal audit before regulators even get to you! This handy resource breaks down the pros and cons of internal versus external audits, and includes a step-by-step guide to conducting an internal audit.
3. Losing control over data means losing money
In response to the Cambridge Analytica scandal, the party line from Facebook executives seems to be: “We have a responsibility to protect your data, and if we can’t, then we don’t deserve to serve you.”
Whether or not you find this statement sincere coming from Mark Zuckerberg and Sheryl Sandberg, your company should adopt a similar point of view and put it into practice.
The protection of customer data is a customer expectation. While large companies that experience data scandals (such as Facebook or Target) don’t have many comparable competitors for their customers to turn to, that’s far from the case for small businesses.
If your company doesn’t appear trustworthy or safe, your customers will become the competition’s customers.
Case in point: Last week, I wanted to order pizza from my favorite DC pizza place. I didn’t have any cash, and the restaurant wasn’t on Grubhub (a trusted site), so I went to their direct website…which looked like it hadn’t been updated since the early 2000s. There was no way I was going to enter my credit card number on that site.
My favorite pizza place lost a sale, and I was stuck with a subpar meal. Much like your customers, though, I’ll take the peace of mind that comes from knowing my credit card information is safe for one more day over risking my hard-earned money every time.
To avoid losing business in this increasingly cashless age, you need to step up your data-handling game ASAP. Otherwise, you might find you don’t have any customers with data you need to protect.
You can’t afford to make Facebook’s mistakes
Let’s face it: this third lesson is the most important for your business. While many users feel stuck using Facebook—either because they’ve invested so much time in its platform or there are few comparable social media sites—no one is stuck frequenting your small business.
Sure, this means that if something does happen to your customer data, it’ll affect far fewer people than Facebook’s missteps.
But it also means that unlike Facebook or Uber or Equifax, your service is nowhere near as ubiquitous. If you lose their trust, your customers won’t come back.
Start taking care of your customers’ data today. The EU is already imposing stricter data security regulations on small businesses. Odds are the U.S. won’t be far behind.