The year 2018 has been a difficult one for Facebook. Between testifying before both domestic and international courts as well as the bad publicity surrounding the Cambridge Analytica scandal, one would think that Facebook would be careful how it handles and distributes personal information. In an ironic turn of events, leaked documents from Facebook[1] indicted them and had Mark Zuckerberg, CEO of Facebook testify before the U.S. Congress in April of this year.  Now the world is digging into another data fallout from Facebook. This time, it is how Facebook was selling access to your personal data.[2]

This includes private conversations.

These data sharing deals which Facebook engaged in have been revealed to be especially liberal with their access to personal identifying information (PII). This PII can include everything from your name and email address to your photos, birthdate, and even your private Facebook Messenger texts. The intent was to benefit everyone using Facebook.  By having all of that information accessible by the various organizations, ads and marketing campaigns were easier to tailor to their target demographic. The unintended consequence is that this information went far beyond the scope of which most people anticipated and has created an issue which Facebook needs to respond.

Certain companies had unfettered access such as Netflix, Spotify, Microsoft, Amazon, and Yahoo.[3] These companies used that access to harvest PII from Facebook users without the knowledge of the individual. Due to this backlash, some people are looking for a solution to protect their data as well as their digital identity. Those same people have looked at the EU and their sweeping regulation that turned the power and authority of protecting PII back to the individual; the GDPR.

Some have speculated that the GDPR (General Data Privacy Regulation) would be making its way into the United States after its adoption within the EU.[4] The recent Facebook discovery has people looking for its adoption faster than anticipated. It seems that people feel they are able to make decisions about their personal data better than any company or organization would.

Assuming a bill like GDPR is passed in the United States, the next question is how corporations will adopt the new regulation. Organizations in the European Union currently use Data Protection Officers (DPOs) for handling compliance, and many U.S. based companies are actively recruiting DPOs in preparation for what is to come. Fortunately, organizations that have mature IT Asset Management programs already have the professionals needed under their roof. The roles and responsibilities required of a Data Protection Officer are a natural addition for an IT Asset Manager.  IT Asset Managers produce policies and processes and utilize best practices that care for software, hardware, and mobile assets. As Data Protection Officers, those practices would extend to personal identifiable information since such information is stored on that those assets.

Social media giants have had unprecedented access to individual information and have shown that it is part of their revenue models. As such, these organizations will begin to feel the constraints of legislation as more and more of these practices are revealed. With any regulation or law, it takes time to trickle down from the public to the private sector. The U.S. version of the GDPR is just the next piece in a long line of legislation that will likely impact domestic organizations in 2019.[5]


[1] Meredith, Sam. “Facebook-Cambridge Analytica: A Timeline of the Data Hijacking Scandal.” CNBC, CNBC, 10 Apr. 2018,
[2] Guynn, Jessica. “Facebook Emails Suggest Company Explored Selling People’s Data despite Pledges Not To.” USA Today, Gannett Satellite Information Network, 5 Dec. 2018,
[3] X, Gabriel J. “As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants.” The New York Times, The New York Times, 19 Dec. 2018,
[4] Rashid, Fahmida. “Congress May Consider a U.S. Version of GDPR.” Decipher, 9 Nov. 2018,
[5] IAITAM. “IAITAM’s Predictions for 2019.” IAITAM, 19 Dec. 2018,