MIT Sloan Management Review Article on Your Customers May Be the Weakest Link in Your Data Privacy Defenses

The Cambridge Analytica data breach offers an objective lesson in why companies should be wary of encouraging users to share contact information.

Don’t be too quick to answer. Many ethical, lawfully managed businesses do have such data — and it comes from a surprising source: their customers, who inadvertently share the personal data of their family, friends, and colleagues.

The lack of awareness regarding peer-dependent privacy is one way that London-based Cambridge Analytica Ltd. was able to collect the personal information of more than 71 million Facebook users, even though only 270,000 of them agreed to take the now-bankrupt company’s app-based personality quiz. Cambridge Analytica reportedly knew what it was doing, but any company that accesses customer data, such as contacts, call logs, and files, can unknowingly breach peer privacy.

About the Author

Bernadette Kamleitner is a professor of marketing and head of the Institute of Marketing and Consumer Research at Vienna University of Economics and Business. Vincent Mitchell is professor of marketing and head of discipline at the University of Sydney Business School. Andrew Stephen (@andrewtstephen) is the L’Oréal Professor of Marketing and associate dean of research at the University of Oxford. Ardi Kolah (@ardikolah) is an executive fellow and director of the GDPR Programme at Henley Business School.

Learn more about MIT SMR.