News just before Christmas that Facebook has been allowing advertisers and marketers direct access to personal data (and even private conversations) may well be cause for the U.S. to speed up its consideration to adopt GDPR privacy rules. This is according to Dr. Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers (IAITAM).
Such a development would have a major impact on Information Technology Asset Management (ITAM) practices in the U.S.
IAITAM President and CEO Barbara Rembiesa commented, “The year 2018 has been a difficult one for Facebook. Between testifying before both domestic and international courts as well as the bad publicity surrounding the Cambridge Analytica scandal, one would think that Facebook would be careful how it handles and distributes personal information. This time, it turns out Facebook was selling access to your personal data. This includes private conversations.”
The data sharing deals which Facebook engaged in have been revealed to be especially liberal with their access to personal identifying information (PII). This PII can include everything from a user’s name and email address to their photos, birthdate, and even private Facebook Messenger texts.
The intent was to benefit everyone using Facebook. By having all of that information accessible by the various organisations, ads and marketing campaigns were supposed to be easier to tailor to their target demographic. However, this information sharing went far beyond the scope of what most people anticipated and has created a privacy crisis to which Facebook needs to respond.
Rembiesa added, “Advertisers and marketers used their wide-open access to harvest PII from Facebook users without the knowledge of the individual. As a result, some users of Facebook and other social media platforms are now looking for a solution to protect their data as well as their digital identity.”
“Those same people have looked at the EU and their sweeping regulation that turned the power and authority of protecting PII back to the individual: the GDPR. The recent Facebook discovery has people looking for the adoption of something like GDPR in the U.S. faster than anticipated. It seems that people feel they are able to make decisions about their personal data better than any company or organisation would.”
What would happen if the U.S. followed such a path?
Assuming a bill like GDPR is passed in the United States, the next question is how corporations will adopt the new regulation. Organisations in the European Union currently use Data Protection Officers (DPOs) for handling compliance, and many U.S.-based companies are actively recruiting DPOs in preparation for what is to come.
The IAITAM head said, “The good news is that organisations that have mature IT Asset Management programs already have the professionals needed under their roof. The roles and responsibilities required of a Data Protection Officer are a natural addition for an IT Asset Manager.”
“IT Asset Managers produce policies and processes and utilise best practices that care for software, hardware, and mobile assets. As Data Protection Officers, those practices would extend to personal identifiable information since such information is stored on those assets.”
According to IAITAM, when it comes to defending against breaches and hackers, 2019 will be the year asset management becomes just as vital as security.