SEC Investigating Why Facebook Didn't Disclose Cambridge Analytica Data Breach

After reporting earlier this month that the Securities and Exchange Commission had joined the federal investigation into Facebook over its failure to disclose Cambridge Analytica's misues of user data, the Wall Street Journal revealed on Thursday exactly what the agency is investigating.

Facebook

In keeping with its mission to police securities markets, the SEC is looking into whether Facebook's failure to warn investors about the potential for third-party developers to misuse their data represents a violation of disclosure laws.

The SEC has shown greater interest in recent months in probing data-security breaches and lapses. The agency has taken the position, most recently in a case filed against Altaba Inc., Yahoo Inc.’s successor company, that public companies must disclose material data leaks or breaches they know about. Telling investors that such incidents could happen isn’t good enough.

The Justice Department and the Federal Trade Commission are also probing the data leak and how Facebook and other parties handled it. The FTC is probing whether Facebook violated terms of an earlier consent decree requiring the company to get user consent for collecting personal data and sharing it with others.

The SEC is probing whether Facebook should have disclosed to shareholders its knowledge of the Cambridge Analytica violation in 2015, when it learned that Aleksandr Kogan, a professor at the University of Cambridge, had improperly shared data in 2014 for as many as 87 million Facebook users with Cambridge Analytica.

Essentially, the crux of the SEC investigation is whether the fact that Cambridge Analytica improperly used Facebook user data represented material information that should've been disclosed to investors.

Facebook officials believed in 2015 that what they discovered wasn’t material information for investors, because the data shared with Cambridge Analytica wasn’t as sensitive as other types of user data that Facebook keeps, such as some users’ payment information, a person familiar with the matter said. The Cambridge Analytica data included information on people who downloaded a personality-test app Mr. Kogan developed as well as some details about those people’s friends.

One former SEC enforcement attorney told WSJ that if Facebook was "making money" from its developer relationships, then not disclosing the misuse could "raise red flags."

John Reed Stark, a former SEC enforcement attorney who is now a cybersecurity consultant, said the agency could find fault with how the company reported the incident. "If Facebook is earning revenue from contracts with third-party vendors that misuse private member data, yet failing to disclose that these contracts potentially violate global and U.S. privacy laws as well as whatever terms of use Facebook maintains with its members, this could raise a red flag for the SEC," Mr. Stark said.

While securities laws violations are never ideal, Facebook has much bigger things to worry about than an SEC fine which - judging by its treatment of the financial services industry - will amount to a few hundred million dollars, at most. The company should be far more concerned with the other agencies that are investigating the Cambridge Analytica "data breach". These include the FBI - which of course has the power to bring criminal charges - and the FTC - which could theoretically bring trillions of dollars in fines against Facebook for data privacy violations.

In other words, while the SEC can at most give Facebook a slap on the wrist, the other agencies participating in the investigation have the authority to potentially bring down the company.

Comments

Obamanism666 Thu, 07/12/2018 - 18:34 Permalink

Facebook did "inform" the Shareholders when Marky Z sold off millions of shares after finding the Breach. The SEC just do not know this type of annocement. This is Called Insider knowledge

Chippewa Partners Thu, 07/12/2018 - 21:09 Permalink

I steal a ham sandwich I go to jail.    

Zuck frontruns dumping large blocks and the SEC looks into it.

Extraction is the key word here.   SEC is foaming to make some big score.

They wouldn’t do shit to Corzine!

 

 

KuriousKat Thu, 07/12/2018 - 22:06 Permalink

Andy Weissmans Wife Works there, right after the weiner lapop got squelched..FB will all be right. Skate in fact.. & will make the usual mia culpas  .These people covered all the bases. Nothing will happen..CIAS cayce worked there too..played games with all the corps shaking them down even though innocent..Laughed about it all the way to his appt to the CIA. Mark is like their prodigal son..a golden child