5 Aug 2019
In the historic conclusion to a series of allegations involving Facebook’s privacy policies, the Federal Trade Commission announced a $5 billion settlement with the social media giant on July 24. But despite the record-breaking fine and an initiative to increase privacy oversight, the deal does not hold anyone at Facebook accountable—including CEO Mark Zuckerberg—and only requires a change in the way it makes disclosures and honors user settings. As it stands, the means by which Facebook collects user data will remain largely unchanged. Although it concerns a variety of lawsuits related to Facebook’s privacy practices, the settlement is due in large part to the Cambridge Analytica scandal, an incident from early 2018 when it was revealed that Cambridge Analytica, a British political consulting firm, had harvested data from millions of Facebook users’ profiles without their consent and used it for political advertising purposes.
The Fine PrintWhile Facebook’s $5 billion fine must go straight to the U.S. Treasury, the rest of the settlement requires Facebook to rework its internal structure in order to better review user privacy. This order extends to Facebook’s properties as well as its main service, including Instagram and WhatsApp. In addition to forming a new, independent privacy committee, Facebook must also designate specific officers to handle privacy compliance, and accommodate a third party who will regularly review their data collection practices. The settlement emphasizes that these entities responsible for privacy review operate completely separately from Facebook, and cannot be affected by Zuckerberg or other employees. In terms of the company’s higher-ups, both Zuckerberg and the compliance officers must receive quarterly and annual privacy certifications to submit to the FTC, at risk of civil and criminal penalties. Facebook will also be required to beef up their disclosures about facial recognition, establish a new data security program, and instill other important minutiae.
A Win-Lose Scenario?But despite the increase in supervision and restrictions on data collection, Republican and Democratic lawmakers alike seem to agree that the FTC fell short with its verdict. Massachusetts senator Edward Markey called the outcome “an insult to consumers.” Missouri senator Josh Jawley criticized it as “utterly [failing] to penalize Facebook in any effective way.” The FTC defended itself, pointing to its lack of legal authority when it comes to issues of privacy and user data, and called on Congress to make a change. While it might have been possible to get a better settlement, says FTC Chairman Joe Simons, and greater restrictions on Facebook’s data handling, their agency is not equipped to do so on its own. Notably, as of July 2019, there is no legislation specifically dedicated to general privacy regulations.
Don’t Settle For LessHow to secure your clients’ personal information is often the million-dollar question—or in Facebook’s case, the billion-dollar one. And in the world of healthcare, all it takes is one breach for your organization’s reputation, and your patients’ private data, to be irreversibly affected. With our comprehensive HIPAA Risk Assessment, you can evaluate all levels of your organization, including:
- Risk Management — Evaluate information and resources to ensure the capability to make risk management decisions
- Policy and Procedures — Ensure policies and procedures follow best practices and are properly implemented
- Infrastructure Security — Workstations, services, and server meet best practices security standards
- Network security — Ensure network is secure and properly monitored
- Data security — All PHI and data is secure and protected