What Tech Companies Can Learn From Zuckerberg’s Congressional Hearing

A couple of weeks ago Facebook founder and CEO Mark Zuckerberg came before the U.S. Senate and House of Representatives for two days of Congressional hearings. The focus of the hearings was to address the recent concerns for consumer privacy, in light of the Cambridge Analytica scandal. Questions from the senators and representatives ran the gamut from privacy to the building blocks of the internet.

Though the focus of the hearing was clearly on Facebook’s privacy errors, the hearing has much broader implications for all companies. This is one of the first times in recent years that the legislature has taken very serious steps to create new internet regulations, and we can expect to hear more about privacy and data regulation in the near future. That being said, there are two big takeaways from these hearings that apply to all companies.

1. Privacy

We are in the information age, where user data is king. Many companies are seeking to provide a custom tailored experience to every user. This requires that companies gather data on their users to tailor their content. Facebook repeatedly came under fire for two key areas related to privacy: unclear disclosure/controls for user data and overexposure of user data through APIs:

Unclear Disclosure/Controls for User Data

Companies need to make sure their users have a clear understanding of what data is being kept and how to control that information. This can seem like a daunting task, but a good place to start would be to evaluate the applications against an existing set of standards.

Open APIs

Outward facing APIs are at the core of many companies’ business models. Many of the fears associated with regulating a company’s APIs are the impacts on innovation within the development team and the impact on the consumers of those API’s. In a previous post, Jason Goth, Partner and VP at Credera, helps to outline how to not only govern API development, but also enable it, showing that innovation and governance don’t have to be at odds.

2. Response Time

Another central theme of the hearing was the time it took Facebook to take action after they discovered they lost user data and publicize the information. A company’s ability to respond to data breaches and be able to communicate these breaches to the affected parties is vital. At this point in time it is not if a company will come under attack, but when. Having systems to respond rapidly and take stock of the damage is a must have for all companies.

One way to implement and test response time is for a company to attack itself. Netflix likens this practice to changing a tire:

Netflix will regularly pop its own tires, by using its open source tool Chaos Monkey, a tool that will randomly bring down areas of the application, in production. Thereby testing their application for the worst-case scenario while their developers are able to respond quickly and address the most vulnerable areas of the application. By “changing the tire” regularly, Netflix has the confidence and know-how to address issues head-on and the ability to identify affected areas and users.

Being Prepared

Tech companies need to be aware of privacy and response time and be prepared to answer uncomfortable questions in the public spotlight if something goes wrong. Ideally, tech companies could prevent an issue entirely, but even having good answers will help minimize any potential fallout.

Please feel free to contact us at findoutmore@credera.com if you have questions or would like more information on any of the topics discussed above.

• Web Security
• Digital Security
• Open APIs