Cambridge Analytica signature should have involved IT code of ethics

Not to defend Facebook, but we should be able to trust that companies have deleted data if they say they have. Especially if they have signed documents to that effect.

CNET reported that:

When Facebook learned about Cambridge Analytica buying 87 million people’s profile information without user permission in 2015, the social network’s executives said it requested the data be deleted. Facebook said that it received “certifications” that had happened, but now says it’s learned the U.K.-based data profiling firm lied.

Later, the article calls these actions a “light level of scrutiny.” Writer Alfred Ng does not suggest what the correct level of scrutiny would have been except to mention that the request did not require a notary or any sort of legal procedure.

This is not the last time data issues will happen. In fact it has happened again this month with Facebook, University of Cambridge and Alexandr Kogan and their myPersonality quiz harvesting data from 3 million people.  The original app that impacted 87 million people was called “thisisyourdigitallife.”  Facebook has been investigating apps for other misuse of data and so far has suspended 200 apps. If it is happening so routinely, there should be a routine response expected from social platforms.

Are we going to expect everyone to be clawing through everyone else’s files looking for traces of their data? There are also concerns about derived models.

So now we need to follow all the trails showing what they used the data for, the conclusions they came to and the actions they took from it? This kind of audit work is usually done by third parties.

In this case, it was not a third party. CNET also says:

During a Senate Judiciary committee hearing on Wednesday, Wylie, a former Cambridge Analytica employee and whistleblower who detailed the extent of the company’s data collection in March, told senators what that certification entailed.

Wylie said he received a letter in 2016 from Facebook, writing that they knew he still had data from Cambridge Analytica’s harvesting program, and asked him to delete it.

“It requested that if I still had the data to delete it and sign a certification that I no longer had the data,” Wylie said. “It did not require a notary or any sort of legal procedure. So I signed the certification and sent it back, and they accepted it.”

In an interview with CBC in March, a University of Colorado – Boulder assistant professor, Casey Fiesler, in the Department of Information Science argues Facebook could prevent the next Cambridge Analytica scandal if they gave researchers more access to data, which would open it up to academic review.

Do we want the standard procedure for a data breach to become more data being shared? There does seem to be an argument that there should be a watchdog or an audit process. The people involved have to understand the nuances of the IT platforms and know what appropriate data usage means.

Fiesler says “there have been a lot of calls for more ethics education, for computer scientists, for data scientists, for more ethical thinking” and she promotes a code of conduct for the tech sector. The U.S. does not have the legislation that we have in most Canadian provinces making the CIPS organization and their Code of Ethics the IT professional association that can certify in Canada.

There should be a certified IT professional that is required to do the review when you can’t trust a company’s signature.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Donna Lindskog
Donna Lindskog
Donna Lindskog is an Information Systems Professional (retired) and has her Masters degree in Computer Science from the University of Regina. She has worked in the IT industry since 1978. Most of those years were at SaskTel where she progressed from Programmer, to Business Analyst, to Manager. At one point she had over 48 IT positions reporting to her and she has experience outside of IT managing Engineers. As a Relationship Manager, Donna worked with executive to define the IT Principles so departmental roles were defined. As the Resource Manager in the Corporate Program/Project Management Office, she introduced processes to get resources for corporate priorities. In 2003 she was given the YWCA Woman of Distinction Award in Technology.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight