MemberConnection Blog

26 April 2018

Learn from Facebook: Protect Your Users’ Data

Was Your Information Exploited?

When I logged into Facebook on the morning of April 10th, I found out that my data had been exploited by Cambridge Analytica. An inconspicuous banner appeared on the top of my home page to alert me.




When I clicked on the Get More Information button, Facebook took me to its Help Center.







The Help Center told me that my public profile, page likes, birthday, and current city had been illicitly taken by Cambridge Analytica. My posts, messages, and hometown may have been used as well. I wasn’t previously aware of the data usage, and I never gave Cambridge Analytica permission to access my data.

How Did This Happen?

The entire data exploitation began with a man named Aleksandr Kogan, and his company Global Science Research. Kogan built an application called, “This Is Your Digital Life,” and they paid hundreds of thousands of users to take a personality test. Kogan collected the data for academic use, but he also sold it to Cambridge Analytica, a data firm that worked for the Trump campaign.

Once Cambridge Analytica had the data, they exploited a loophole in Facebook’s application programming interface (API). The loophole allowed Cambridge Analytica to collect data from the friends of the quiz takers as well without the user’s knowledge. This is exactly what happened to me; a Facebook friend of mine used “This Is Your Digital Life,” and had their data willingly analyzed. But because of Facebook’s API loophole, Cambridge Analytica took my data too, along with the data of 87 million others. That’s equal to a quarter of the US population!

We’re still not sure exactly how much information Cambridge Analytica took, but we’re certain that the data was used to analyze the personalities of individual users, and deliver targeted political messaging.

What Happens Now?

On April 10th, Mark Zuckerberg, Facebook’s co-founder and CEO, testified before the Senate Judiciary and Commerce Committees. The following day, Zuckerberg testified before the House Energy and Commerce Committee. The idea of federally regulating Facebook was introduced, and regulation appears to have bipartisan support thus far. The call for federal regulation seems to stem from the global conversation taking place; namely what it means to share information, and how we can safely share our data.

What Does This Mean for Associations?

It’s unclear what the ultimate fallout from the Facebook/Cambridge Analytica data breach will be. One thing is for certain, the public is increasingly concerned with how their information is gathered and shared by the platforms they interact with. Association’s should be proactive in ensuring that their member’s data is well protected.

Here’s a few steps every association should take…

  1. Protect: Make sure your member’s data is stored in a secure environment. Ask your AMS vendor about the security measures in place to ensure your data isn’t compromised.
  2. Educate: Establish and train your association’s staff on basic digital security. Most data breaches aren’t as complex as the Cambridge Analytica example. Many cyber-attacks rely on basic phishing techniques to gain access to privileged information. Some basic security training can greatly reduce your exposure to a data breach. Your association’s data is only as secure as your least trained staff member.
  3. Inform: Be transparent with your members. Make sure they have a clear understanding of how your association manages, uses and shares their data.