Facebook employees can access your accounts without a password!


Online privacy is a subject that has haunted technology product users and companies alike for some time now. Users always fear that their private data might be accessible to tech product companies. Technology companies, for their part, have to spend a lot of effort to make sure that privacy and data security are not compromised.

The privacy issue was in the spotlight recently when Paavo Siljamäki, director at the record label Anjunabeats, visited a Facebook office to get advice on how to use Facebook better. While trying to demonstrate something, a Facebook employee asked Paavo if he could access Paavo’s Facebook account. On getting permission, the Facebook employee was able to access Paavo’s account without even needing a password.

Paavo, with obvious concerns about the security of his private data and the fact that Facebook did not notify him that his account had been accessed, raised the question of how Facebook employees can access such private data, and how many of them can do so.

VentureBeat asked Facebook for comment and was told:

We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office as part of their audit of our practices.

Access is tiered and limited by job function, and designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries. Two separate systems are in place to detect suspicious patterns of behavior, and these systems produce reports once per week which are reviewed by two independent security teams.

We have a zero tolerance approach to abuse, and improper behavior results in termination.

In Paavo’s case, the Facebook employee got permission to resolve the issue and therefore the account was accessed.

In spite of all the audit compliance and promises on data privacy, users still remain a little restless about not knowing who can access their private data on the internet, or how and when. Of all the challenges the tech world is seeing today, data privacy is surely the one that should be solved as a priority. What could the best solution to this problem be? Notifying the user and asking for permission every time his or her private data is being looked at, for whatever reason.
