{"id":608,"date":"2018-04-10T07:32:49","date_gmt":"2018-04-10T12:32:49","guid":{"rendered":"http:\/\/www.k2dls.net\/blog\/?p=608"},"modified":"2018-04-10T07:32:49","modified_gmt":"2018-04-10T12:32:49","slug":"facebook-fails-the-third-party-risk-test","status":"publish","type":"post","link":"https:\/\/www.k2ie.net\/blog\/2018\/04\/10\/facebook-fails-the-third-party-risk-test\/","title":{"rendered":"Facebook Fails the Third Party Risk Test"},"content":{"rendered":"<p>Information security professionals often examine &#8220;third-party risk&#8221;.  Simply put, associations with business partners and contractors can present outside risks to the data, financial, and\/or physical security of an organization.  The risk may be contractors with access to secure areas or sensitive business processes.  The risk can be shared data in the temporary custody of a partner.  The risk can be virtual access to a network or a facility without adequate audit.<\/p>\n<p>Today I was informed by Facebook that my privacy could have been compromised because &#8220;friends&#8221; of mine used an application platform profiling app called &#8220;This is Your Digital Life&#8221;.  I wish I could tell you more or <a href=\"https:\/\/www.cbsnews.com\/news\/facebook-mark-zuckerberg-user-notification-data-sharing-cambridge-analytica-news-feeds\/\">show you the notification<\/a>, but in typical arrogant Facebook fashion, the notification was a fly-by.  It was presented on the screen of my smart mobile device.  I put the phone in my pocket and headed to my office to compose this piece, but once the Facebook feed refreshed I can no longer find it.  It is not on my notification list.  So much for transparency.  So much for ease of use.  Now you see it, now you don&#8217;t.<\/p>\n<p>So what does this mean?  Well, in this case Facebook allowed a third party that I did not authorize to access my profile data.  
They allowed the third party because a second party (my Facebook friends) accessed an application that pulled the data.  They allowed this even though I opted out of the Facebook application platform and therefore had a reasonable expectation of data privacy.  Facebook fails.  And my mom was right.  You are impacted by the actions of your friends.<\/p>\n<p>What is the answer?  Take &#8217;em down.  Let&#8217;s see a class action lawsuit financially impact Facebook.  There are enough of us in this potential class that have, by Facebook&#8217;s own admission, suffered harm.  Congress is not likely to impose a satisfactory regulatory solution any time soon.  So let&#8217;s take it to the courts and show companies that a willful, direct, and careless violation of our data privacy will be the most expensive mistake that their companies can make.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Information security professionals often examine &#8220;third-party risk&#8221;. Simply put, associations with business partners and contractors can present outside risks to the data, financial, and\/or physical security of an organization. The risk may be contractors with access to secure areas or sensitive business processes. 
The risk can be shared data in the temporary custody of a &hellip; <a href=\"https:\/\/www.k2ie.net\/blog\/2018\/04\/10\/facebook-fails-the-third-party-risk-test\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Facebook Fails the Third Party Risk Test&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8,5,6],"tags":[99,96,97,98],"class_list":["post-608","post","type-post","status-publish","format-standard","hentry","category-infosec","category-media","category-politics","category-technology","tag-data-breach","tag-facebook","tag-privacy","tag-risk"],"_links":{"self":[{"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/posts\/608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/comments?post=608"}],"version-history":[{"count":1,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/posts\/608\/revisions"}],"predecessor-version":[{"id":609,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/posts\/608\/revisions\/609"}],"wp:attachment":[{"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/media?parent=608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/categories?post=608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/tags?post=608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}