Surviving privacy & data breach through ‘CPR’: ‘Corrective, Preventive and Restitutive’ measures

Lawsuits concerning privacy and data breaches facing Facebook are a precursor to the risks facing tech and other companies that store or process personal data, or, to be more precise, personally identifiable information (PII). The US has customarily been reluctant to rein in technology, unlike Europe, which has always shown an inclination towards tougher privacy laws, the GDPR being the most recent example. Even the US is witnessing a shift now, however: starting with the Snowden revelations in 2013, and continuing with last year’s Equifax breach and the recent Cambridge Analytica affair, these events have led to a whole new level of public discourse centred on protecting individual privacy and data. With the US getting active on this front, even though the laws have yet to catch up with the data explosion, there are serious concerns for companies harbouring personal data.

There may not be any straight answers to Facebook’s responsibility arising out of the Cambridge Analytica scandal. However, federal fines, compensation to data subjects and structural changes all seem imminent. In all such cases of data breaches or leaks, the only thing that matters is that the information or data has got into the hands of third parties without the consent of the data subjects. This alone is enough to attract fines or penalties. Any entity holding data or information about individuals has an unqualified obligation to protect such data or information from being leaked or used without authorization. The key to any successful strategy for a company like Facebook in such cases, even before the inevitable regulatory and judicial dicta start to follow, lies in undertaking ‘CPR’. Most of us are familiar with the abbreviation ‘CPR’ as ‘cardiopulmonary resuscitation’, a medical procedure administered to a person going into cardiac arrest. Here CPR stands for ‘Corrective, Preventive and Restitutive’ measures, aimed at resuscitating a legal person or entity instead. Proactively pursuing such measures may not necessarily lead to reduced fines or penalties. However, it does demonstrate bona fides and seriousness at the company level, which, for a company like Facebook, would eventually help preserve the brand and subscriber trust. After all, a trust deficit can be even more fatal for companies like Facebook.