Most of us are aware of the recent scandal involving Facebook and political consulting firm Cambridge Analytica, wherein the latter company obtained data from up to 87 million Facebook users and, in turn, built profiles of individual voters and their political preferences to best target advertising and sway voter sentiment. This information was used to enable Donald Trump’s campaign in the 2016 presidential election.
Right around that time it was reported that the Cambridge Analytica board of directors suspended CEO Alexander Nix. This action was taken after a whistleblower claimed Nix set up a “fake office” in Cambridge to present a more academic side to the company, and made comments to undercover reporters that “do not represent the values or operations of the firm and his suspension reflects the seriousness with which we view this violation.”
A feature about the scandal in Risk Management’s current issue explains why the incident was not a data breach and how companies can learn from this and comply with EU’s General Data Protection Regulation (GDPR) in time for its May 25 implementation.
In the aftermath of the scandal and Cambridge Analytica’s concession that it will not be able to recover from its reputational crisis—although the company’s leadership maintains that it acted ethically—the UK-based firm and its affiliates announced on May 2 that it will be “ceasing all operations.” Excerpts from its statement are below:
Over the past several months, Cambridge Analytica has been the subject of numerous unfounded accusations and, despite the Company’s efforts to correct the record, has been vilified for activities that are not only legal, but also widely accepted as a standard component of online advertising in both the political and commercial arenas.
Despite Cambridge Analytica’s unwavering confidence that its employees have acted ethically and lawfully, which view is now fully supported by [Queen’s Counsel Julian Malins] report, the siege of media coverage has driven away virtually all of the Company’s customers and suppliers. As a result, it has been determined that it is no longer viable to continue operating the business, which left Cambridge Analytica with no realistic alternative to placing the Company into administration.
This once again demonstrates how attacks in the court of public opinion can cripple a business. Despite a fast reaction and being exonerated by a credible authority, no amount of crisis management and communication could make up for the actions of Cambridge Analytica’s leadership. It also seems that the company had not considered a business continuity plan for a reputation crisis of this magnitude.
Last year, Steel City Re CEO Nir Kossovsky wrote for Risk Management Monitor about reputational risk—reflecting on it and warning of the consequences to an organization. When public anger rises, he said, “more blame is being cast upon recognizable targets, such as CEOs.”
And while Facebook CEO Mark Zuckerberg seems to have dodged the bullets fired his way during a Congressional hearing last month, Cambridge Analytica’s leadership knew that, based on its actions and the cavalcade of accusations, neither their clients nor the public would ever “like” them again.