Facebook has been fined £500,000 by the U.K. Information Commissioner’s Office (ICO) over the Cambridge Analytica data scandal, the first of what is likely to be many penalties the social media giant will face over the affair.

News broke earlier this year that the personal data of up to 87 million users was improperly gathered and misused by the political consultancy Cambridge Analytica, the firm that worked with Donald Trump’s campaign team during the 2016 U.S. presidential election.

Cambridge Analytica whistleblower Christopher Wylie told the Observer back in April, “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”

The ICO’s investigation concluded that Facebook failed to prevent users’ data from falling into the hands of Cambridge Analytica and failed to be transparent about how the personal information of its users was being harvested by others, in breach of the UK’s Data Protection Act. For these failings the ICO has fined Facebook £500,000 ($664,000), the maximum penalty available under the Data Protection Act 1998.

However, Facebook still has a chance to respond to the ICO's Notice of Intent before a final decision on the monetary penalty is made. An ICO update states, “Their representations are due later this month, and we have taken no final view on the merits of the case at this time. We will consider carefully any representations Facebook may wish to make before finalising our views.”

In one respect the timing of this incident could not be better for Facebook. The £500,000 fine is imposed under the UK’s old data protection law, which has since been superseded by the EU’s General Data Protection Regulation (GDPR), in force since May 25, 2018. Had the incident occurred after the GDPR came into force, Facebook could have faced a maximum fine of €20 million or 4% of its annual global turnover, whichever is higher.

GDPR focuses heavily on the processes and procedures for acquiring, using and handling personal data in a way that is ‘lawful and fair’, but the cybersecurity dimension is critical in order to demonstrate that you have ensured ‘appropriate security and confidentiality of the personal data’. Under Article 32 of the GDPR (Security of processing), controllers and processors must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These include:

  • The pseudonymization and encryption of personal data;
  • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Complying with Article 32 requires both organizational and technical strategies. NNT can help your organization in several essential areas, including Change Management, privileged user monitoring, and automated log analysis.

The Most Powerful & Reliable Cybersecurity Products

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real time with NNT FAST™ (File Approved-Safe Technology).

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

Log Tracker: Comprehensive and easy-to-use security information and event log management with intelligent, self-learning correlation technology to highlight potentially harmful activity in seconds.

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)



United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


Copyright 2023, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.