Thousands of Facebook applications have been reportedly transmitting data on users and their friends to third parties, including advertising and Internet tracking companies -- breaking Facebook's privacy rules.
Although the privacy breach wasn't intentional, as the information was taken from referral pages, it was still collected by companies that sold it to other firms. One company, RapLeaf, sold off information with complete user IDs, according to the Wall Street Journal.
Since last year, Facebook has been under fire for not protecting user privacy -- from its laissez faire attitude that underestimated users to the recent Groups feature -- Facebook just hasn't been taking it very seriously. For other social media or emerging tech companies, here are five lessons you can learn from Facebook.
1. Facebook's privacy controls don't work
While there's nothing wrong with Facebook selling ads that target specific groups or populations, there's also nothing wrong in selling user data or information, provided you are upfront about it. Facebook's precise problem is that it promises something that it really can't provide: privacy. While some critics say this is on purpose, citing Facebook's attempts last year to get users to share more personal information with the world, this latest privacy breach likely was not.
Facebook has attempted to protect privacy or alert users by creating one-time passwords or "Applications You Use", which shows users what permissions and authorizations are given to any of the thousands of Facebook games or services. But when it comes to data being bought or sold about a user, the company pleads ignorance.
2. Create a company task force to deal with the problem
While the data collection could be inadvertent, nonetheless a company as technologically savvy and well-staffed as Facebook should realize that such information was available. If any other company had been raked over the coals as often Facebook is over privacy, it would have created a privacy task force to deal with issues that emerged, and attempt to be proactive rather than reactive. At least it would have shown the company took concerns from the public seriously if nothing else -- but so far, there has been no effort to create a group or department dedicated to user security.
3. Technology companies can't be resistant to change
It's amazing that technology companies based in Silicon Valley that thrive on innovation can sometimes be the most resistant to change. Is it intellectual arrogance that makes a company like Facebook discount user complaints or concerns? Users are customers and all businesses need to hear them and respond, or customers may go elsewhere. One thing is for certain: While Facebook may be the "It Girl" of social networks right now, so was MySpace for a while.
4. Understand third-party apps and educate developers on privacy
Facebook can no longer sit back and hope that third-party applications do the right thing. The company has to take an active role in understanding what they do and what information is collected. They must also follow up with developers on how companies deal with referrers, and whether the data found that way will be sold to outside companies.
5. Don't be patronizing
Facebook's public statements have been less than understanding. They criticized the press reports as "exaggerated" and previously have been critical of privacy critics themselves. Facebook, unlike many other companies facing a crisis, never seems to be able to just say, "Sorry, we were wrong. We'll fix it."
At a time when the nation is in a recession and companies are folding, Facebook -- which by its own account became profitable in 2009 -- should be counting its lucky stars for its success. It should be giving more to its clients, and certainly with a lot less of the attitude.
Reach or follow Barbara E. Hernandez on Twitter: @bhern.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.