Hot on the heels of the Facebook data breach scandal earlier in the year, Google has followed suit with an uncannily similar controversy. On Monday, October 8, The Wall Street Journal reported that Google Plus, Google’s social network platform, had suffered, and failed to disclose, a massive data breach.
- A software glitch exposed the private data of hundreds of thousands of Google Plus users between 2015 and March 2018
- The glitch gave 438 third-party developers potential access to Google Plus users’ private data
- Google’s legal and policy staff wrote a memo to senior executives in which they advised against disclosing the security vulnerability
- Google chose not to disclose the issue, fearing legal scrutiny and reputational damage
- The General Data Protection Regulation (GDPR) requires organizations to notify regulators of possible leaks of personal information within a 72-hour window; this incident occurred in March 2019, before the GDPR went into effect
- Google plans to permanently shut down Google Plus by August 2019
- A corporate version of Google Plus will remain active
Significant data breaches
In recent years, the number of significant data breaches has risen exponentially. Data breaches can damage an organization, but choosing not to disclose a breach, as Google did, can exacerbate the damage. Google’s inaction means it faces even greater reputational damage and fines, and it has almost certainly lost the trust of users.
Data Protection and the GDPR
The General Data Protection Regulation applies to any organization processing and storing EU residents’ personal data. Canadian and US organizations with any connection to the EU – whether through subsidiaries, customers, or suppliers – stand to be affected.
Complying with the GDPR will not only help you avoid significant fines and potentially heavy reputational damage, but also show customers that you can be trusted with their data, and ultimately help you derive added value from the data you hold.
Learn from the experts how to meet the requirements of the EU General Data Protection Regulation (GDPR). Gain knowledge of the Regulation, a practical understanding of the tools and methods for implementing and managing an effective compliance framework, and how to fulfill the role of data protection officer (DPO).