The last few weeks have engulfed us all – not only privacy professionals like ourselves – into one of the biggest corporate scandals of the new century. You can tell it is serious when after three long weeks, everyone is still talking about it. In this age of short attention spans, three weeks is an eternity.

What does Facebook-Cambridge Analytica have to do with Enron?

Even though at a first glance the similarities are not apparent, I believe that Facebook-Cambridge Analytica and Enron have a few things in common.

For the ones that are old enough to remember, the Enron scandal had serious implications in regards to the way that business financial management was conducted in the late 1990s and early 2000s. This corporate failure was the major catalyst for the enactment of the Sabarnes-Oxley Act of 2002.

According to Montage Portfolio, “companies operated on an outdated ‘honour system’ for annual filings in the pre-2000 crisis era”. This means that organizations – predominantly the publicly traded ones – were taken at face value when it came to reporting their financial statements. There were no clear rules to ensure corporate transparency or accountability. Does this sound familiar?

Fast-forward almost 20 years. If the first decade of the 2000s is being remembered by financial chaos, the second decade will always be remembered by data mismanagement. The first one brought the world down to its knees by wreaking havoc on the global economy; the second one is doing exactly the same by wreaking havoc on the global democracy.

Can we learn from our mistakes?

History repeats itself and we can see that similar measures have been put in place to correct course. The level of engagement by all different Data Protection Authorities and Privacy Commissioners around the globe after the Facebook-Cambridge Analytica issue broke out, has been outstanding. Accountability has been demanded both by government officials and by the public themselves. This time, this is not going to be swept under the rug. New and stronger privacy and data protection regulations are coming and that will make a huge difference.

By now, we all know that GDPR will come into effect on May 25th. This is a great measure to ensure that organizations respect the rights and freedoms of individuals.

Also, it was just announced that breach notification in Canada will be mandatory as of November 1st. And as time goes by, I am sure other jurisdictions will continue moving towards stronger rules when it comes to managing and protecting personal data.

Even in our consulting practice, more and more organizations are reaching out and asking us to help them understand what privacy management is really about and how to ensure they have the appropriate data protection governance in place.

Just like Enron was the catalyst for the SOX act, Facebook-Cambridge Analytica is becoming the catalyst for responsible and transparent management of personal data and the regulations that will support this stance.

Where do we go from here?

Awareness is building at the corporate and the individual level. Individuals have been looking into the data that Facebook holds on them, and are dismayed to find out how personal it gets.

Organizations like Apple are calling for stronger privacy regulations and touting their privacy practices in the process. In my view, if you have it, flaunt it. Make it a differentiator, a competitive advantage and most importantly, mean it, really mean it.

Great progress comes about through disruption and we have been witnesses to great disruption for sure. The results have been outstanding and we certainly live in the greatest times of all. But at the same time, if we don’t keep checks and balances on all of it, the unintended consequences of this progress can threaten the one thing that has made it possible in the first place: our freedom.

Press Release: Kirke Management Consulting Becomes STOP. THINK. CONNECT. ™ Partner

Read Article

Facebook-Cambridge Analytica: the Enron of privacy?

Read Article

Part 4: Ready… Set… Go! Achieving full GDPR compliance

Read Article

Part 3: Prioritizing GDPR Requirements

Read Article