Today, Facebook chief executive Mark Zuckerberg will testify before a joint U.S. Congressional Subcommittee amid growing concerns over individual data privacy, and specifically, that user data involving upwards of 87 million Facebook users may have been improperly by a politically focused data analytics firm. What eventually transpires because of these latest revelations will likely have indirect or direct impacts on industry supply chain customer data management and ownership practices.
As the scope and depth of Facebook’s lack of oversight of user data has become ever more visible, the social media giant has taken on a more repentant and long-overdue action-oriented persona. Statements include not taking a broad enough view of user data responsibilities, and not doing enough to prevent powerful new tools from being used for harm as well as good.  For Zuckerberg, such statements are starkly different than those made immediately after the 2016 U.S. Presidential election where the CEO seemed to dismiss any influence by his social media platform. The CEO has now admitted to a personal responsibility along with a personal apology. 
At stake in this week’s Congressional hearings is whether Facebook violated laws to safeguard user data, and whether the Cambridge Analytica incident may not be just an isolated incident. Zuckerberg has already indicated that the social media platform will now limit the amount of personal information that third-party data firms can access without additional approval, while at the same time, security and content-review staffing will reach upwards of 20,000 by the end of this year.  However, what is really at-stake is whether lawmakers trust social media platforms to police themselves or whether stricter regulation is appropriate to insure individual user privacy. Within opening-statements in this afternoon’s hearing, Senate Committee Chairperson John Thune described the current situation as a wake-up call for the tech community and that both sides need to know the stakes involved.
The European Union has already embarked on stricter standard related to user data with the passage of the General Data Protection Regulation (GDPR) planned to go into effect at the end of next month. The Economist had initially termed GDPR as the “Dodd-Frank of Data” which comes with increased rights of individuals to protect their personal data and stiffer penalties for companies misuse such data. The directive calls for companies to appoint a “data protection officer” who reports directly to top management and must be responsible for detailed “data protection impact assessments.” The implications of this regulation span beyond Europe if any company or organization collects personal data of EU residents.
There is now growing speculation as to whether U.S. lawmakers have the will to adopt a form of such legislation, following the lead of the EU.
Multi-Industry Supply Chain Implications
Within our Ferrari Consulting and Research Group’s 2018 Predictions for Industry and Global Supply Chains, we included a prediction indicating that cyber risk and information security safeguarding requirements would consume supply chain risk and advanced technology considerations. Our belief is that ongoing cyber-related risk and information security safeguarding will consume line-of-business, IT, and industry supply chain teams, not so much by choice, but from compelling needs dictated by stockholders, boards, and C-Suite executives.
Brand and reputational risk is now a significant top-of-mind concern for businesses and budgets will likely reflect supporting mitigation efforts as a top priority. We believe that such concerns will strain budgets and available resources and will especially consume the time and attention of procurement and supply management teams.
The latest revelations from Facebook, along with the continuing fallout as government and business interests gain more understanding of the growing scope of threats, will only add to the increased emphasis of having a defined and effective data protection plan for any major business. As we all know, data protections invariably lead to the supply chain, the often-identified weakest link in risk management because of the sheer end-to-end focus on customer or business focused data. With the increased adoption of direct business-to-consumer (B2C) online customer fulfillment, personal data protection becomes a more direct concern.
All this blowback obviously conflicts with the notions that customer data is the new strategic asset for businesses, an asset that can be mined for product or service demand sensing.  While sales and marketing teams continue to clamor for the capture of all customer experience interactions and data, very shortly, data protection and compliance teams will be scurrying to determine forms of adherence to data protection standards. Industry supply chain teams will likely be caught in the middle of such efforts, perhaps with conflicting directives as to how to collect or utilize individual customer data.
Our Reader Takeaway
The current headlines regarding Facebook’s loose data protections may seem to be the purview of social media or political events. They are not, and the building concerns of personal data protection will have direct or indirect impacts on industry supply chain initiatives, budgets and initiatives related to advanced technology adoption.
 
Bob Ferrari
© Copyright 2018. The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.