Compliance Culture

Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Corporate takedowns: Facebook and Cambridge Analytica

This is the third in a series of four posts about corporate takedowns.  The first post was about American Apparel.  Last week’s post was about Theranos.  Today’s post is about Facebook, focused on the recent Cambridge Analytica data sharing revelations.  The fourth and final post, on April 24, will discuss Gawker.

For an in-depth discussion of general compliance issues with Facebook as an online platform, check out this post.

In March 2018, The New York Times and The Guardian published a series of investigative articles exposing a data breach between the social media platform Facebook and the UK political consulting firm Cambridge Analytica.  This has incited a firestorm of controversy around data sharing, privacy expectations, online community moderation practices, and ethical standards for consumer protections by companies holding their data.

READ MORE

Round-up on compliance issues with online platforms: Snapchat

This is the fifth in a series of six posts on compliance issues with various online platforms.  The first post was about YouTube.  The second post was about Facebook.  The fourth post discussed Instagram.  Last week’s post was about Twitter.  Today’s post will cover Snapchat.  The sixth and final post in the series, on April 12, will be about Reddit.

Snapchat is an app-based photo and video messaging service.  Upon its initial release in 2011, Snapchat grew quickly in popularity due to its novel feature which allowed users to share messages that then disappeared.  This concept evolved from a person-to-person design to then include a chronological timeline of stories and content sponsored by brands, media groups, and influencers.

READ MORE

Selected TED/TEDx talks on privacy and reputation

In an increasingly inter-connected and digital society, challenges to privacy and reputation are frequent.  Even before social media put everyone at constant pressure to “overshare,” when people’s very personal details were not always a quick Google search away, privacy was still under threat.  A person’s visibility and public representations are often judged and demanded for credibility and honesty evaluations performed by employers, potential partners, members of the community, and even complete strangers.  Giving up privacy in favor of radical openness may be the way some reality stars have attained their celebrity, but for many people this feels invasive and like a violation of security.

In a broader sense, people’s individual privacy settings in terms of what they wish to share or disclose, how, and to whom, have a direct bearing on reputation.  Cultural practices around privacy and information sharing can give rise to serious reputational risk that impacts individuals and communities and frays the social fabric in which transparency is desirable or even possible.  These norms and ethical expectations are intensified in the digital age, where an individual’s personal information can never truly be deleted or taken back once it is made public.

READ MORE

Round-up on compliance issues with GDPR implementation

GDPR – the General Data Protection Regulation – is intended to establish a stronger, unified system of protection of personal data for individuals and businesses within the European Union. GDPR was adopted directly by the European Parliament, the Council of the European Union, and the European Commission on April 27, 2016. Following a two-year transition period, GDPR will become directly binding and enforceable as of May 25, 2018.

GDPR is an improvement upon the 1995 Data Protection Directive, intended to enhance control by individuals over their own personal data and accountability for organizations in how they collect, handle, and maintain it. The Data Protection Directive was implemented by individual law in each of the EU nations and therefore created a patchwork of standards and practices varying between the member states.   GDPR therefore is intended to simplify and integrate requirements in a more cohesive and competent supervisory model.

READ MORE