By: John Danyluk, Associate Notes & Comments Editor
It is uncertain exactly how much information Facebook has about its users. The social media giant not only has all of the content uploaded by its 1.35 billion users, it has the information that could be obtained from the staggering 100 billion friendships among those users. So just how secure is this massive amount of private data, and what would the legal consequences be if a breach occurred?
Facebook suffered one such breach in June 2013.[1] Although the impact of this particular breach turned out to be relatively minor, it signaled a larger problem for protecting personal data on the internet. The glitch that occurred in 2013 exposed email addresses and personal phone numbers for contacts even if that data was not visible on Facebook itself.[2] Although Facebook corrected the problem within twenty-four hours, over six million users had their sensitive personal data exposed.[3] For these six million individuals, their reasonable expectation of privacy was infringed upon when sensitive details that were not shared on their public profile were not protected.[4]
A data breach not only puts Facebook at significant risk of a public relations nightmare, but it also may result in regulatory investigations from the FTC and civil liability to its users for negligence.[5] But Facebook would not be left without recourse, as it could institute civil actions under the Computer Fraud and Abuse Act and the Stored Communications Act (among other laws) against the perpetrators.[6] Additionally, the federal government would likely step in to enforce the criminal provisions of these acts as well.[7]
How can companies like Facebook, who are trusted with sensitive data, prevent data exposure in the future? In sum, these companies must have “strong security configuration management all the way from the servers through the applications and the user permissions assigned to the data.”[8] Users of these websites can help themselves as well, by minimizing the number of companies and apps that have access to their personal data.[9] By taking the time to understand privacy controls and removing apps that the user no longer uses, the threat of one’s privacy being invaded through a data breach can be curtailed.
[1] Tony Bradley, Facebook Breach Highlights Data Security’s “Weakest Link” Syndrome, PCWorld, available at http://www.pcworld.com/article/2043042/facebook-breach-highlights-data-securitys-weakest-link-syndrome.html.
[2] Id.
[3] Id.
[4] Id.
[5] Evan Brown, Six Interesting Technology Issues Raised in the Facebook IPO, Internetcases, available at http://blog.internetcases.com/2012/02/01/6-interesting-technology-law-issues-raised-in-the-facebook-ipo/.
[6] Id.
[7] Id.
[8] Id.
[9] Id.