Wow. Facebook is in the news for all the wrong reasons. How does such a strong, capable company wind up in such a nasty situation? Let’s start by clearing the term “breach” from the stories and conversations around this incident. This is no more a breach than when you receive a call at work from “IT” and tell them your IP address then wind up getting hacked as a result! Facebook was duped, and it is not because they are stupid or careless. It is simply a sign of the times folks and it will get worse before it gets better. This is cultural on a global scale.
Our technology driven culture has evolved so quickly, on so many levels, it is hardly a surprise that we are challenged with these kinds of data problems. We use a wealth of data assets to derive future opportunities, see challenges that were otherwise hidden and report on trends that can help us steer the ship. All of this came fast and at a cost. That cost was our willingness to forgo strengthening foundations for, instead, pouncing on the opportunities presented by data. Big Data is the term of the century and everyone is competing just to stay relevant. I get it, you don’t want to be left behind. But what about your data?
Where are the efforts to ensure the raw data that is used to craft insight is fundamentally sound? Does anyone profile their data? Is it just too much of a hassle to employ data quality processes around your data assets? And what about security and privacy? Those are in great shape, so no need to worry about data management? Not a chance. Data Management is of paramount importance and soon you will all begin to see a new data wave rushing toward us; that of governance and management. Don’t believe me? Go ask Europe. As GDPR (General Data Protection Regulation) draws near, you are going to see an emphasis on the things security and privacy don’t quite cover. Take for instance, Article 17 of the regulation, Right to Erasure (or right to be forgotten). The language in the regulation leaves a lot open to interpretation but for the most part, if you have consumer data for the business you do in Europe and a citizen of the EU asks that you erase their data, you must do it and prove it has been done. But if you have not conducted data management activities such as data asset inventories and lineage efforts, how do you know you got it all?
This brings me back to poor old Facebook. A great company who obviously sees data as an asset. The failing is one of policy and policies are going to be your first line of defense with regulations like GDPR. EU regulators will want to know you are taking them seriously even if you have not yet had the time or resources to shore up all the holes in the dam. Don’t worry, everyone’s dam is riddle with holes, so this is not unique to you. For Facebook, I fear they just painted a target on their backs. If the folks in the EU were looking for an example to make, they may have just found it. Facebook asked that the data we are hearing about in the news be destroyed/forgotten/removed or whatever you want to call it. They were told it had been taken care of and that is where it was left (supposedly as I was not there so this is all here say.) The point is not to point fingers and punish Facebook. The point is that this is so common and we as technology leaders need to jump in and change culture.
Start by educating the organization. Get them interested, make learning mandatory just like we do for other assets we feel are important. We must take security courses. We must take HR courses. If we deal in finance we must take financial courses. Why then, if data does and means so much to us do we not take data management courses? Every person in your company does something with data. Do they know what data quality is? Does anyone understand metadata, taxonomies, ontologies, business glossaries and data strategies? I would say its time, how about you?
Oh, and one more thing. If you think GDPR is an EU challenge, I would bet money that US legislation will soon follow. Better get prepared now rather than when a regulator is knocking on your door, eh?