By Eva Velasquez, CEO & President of Identity Theft Resource Center

The Federal Trade Commission (FTC) and Facebook, Inc. have reached a settlement regarding misuse of user data and privacy standards. The Facebook privacy settlement includes $5 billion in fines, the largest penalty in history for this type of offense and almost 20 times more than the previous record holder. This announcement comes just two days after the Equifax settlement was announced, another record-breaking fine of $700 million for a data breach.

The 20-year settlement requires Facebook not only to pay, but also to update their privacy policy and standards for all entities. This decision from the FTC continues to move the needle in the right direction for the industry. It says to businesses that consumer privacy matters and companies are expected to protect data from cybercriminals and would-be data thieves that seem to be acting as legitimate businesses. Failure to protect consumer data and privacy will have powerful consequences.

The Facebook privacy settlement comes a little over a year after the Cambridge Analytica security incident shone a light on the company’s policies. Typically, settlements for consumer privacy issues are long processes, and a two-year settlement is unusual. It is Identity Theft Resource Center’s opinion that the public can expect many more settlements to be reached over the next 18 months to two years, given the precedent being set with this week’s cases. Companies may be more likely to settle now, before January 2021, after these two incidents of similar gravity have been finalized, especially given that they will not know what to expect under a potential new regulatory climate.

As evidenced by the two dissenting opinions, some professionals still feel that this is not enough to actually discourage the lack of seriousness toward protecting consumers’ privacy. The $5 billion Facebook will pay under the settlement is only about 9% of its total 2018 revenue. While the dollar amount is considered large, the percentage could be seen as merely a slap on the wrist for a company like Facebook. Fines and penalties should not be viewed as a cost of doing business and need to be severe enough to elicit effective organizational changes around privacy and security.

We should also focus on the additional mandatory privacy standard requirements of the settlement. The large monetary penalty gets most of the attention, but the evolution of privacy standards is just as, if not more, important. The framework includes creating a privacy committee, shifting the complete consumer privacy control away from CEO Mark Zuckerberg, holding individuals accountable with compliance officers, evaluating policy by third-party independent assessors and reporting incidents of misuse of data for 500 users or more. More segregation of consumer privacy decisions, systems of checks and balances and reports of misuse are important. We should not lose sight of this part of the settlement and continue to petition businesses to uphold rigorous privacy standards and protect consumer data.

We believe this is the tip of the iceberg and we will continue to see more of these types of post-breach settlement activities over the coming months. We truly hope that as industry and regulatory bodies sit down at the table, they keep the consumer/victim in mind. At the end of the day, it’s the individual that will bear the brunt of poor privacy and security policies by businesses.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

