The office of the Australian privacy commissioner is launching an investigation into Facebook in the wake of the social media giant confirming that private information belonging to 310,000 Australians may have been accessed without authorisation by the controversial political data science group Cambridge Analytica.
Acting Australian Information Commissioner and acting Privacy Commissioner Angelene Falk said her office will work with regulatory authorities internationally as part of its investigation.
“The investigation will consider whether Facebook has breached the Privacy Act,” she said in a statement.
“All organisations that are covered by the Privacy Act have obligations in relation to the personal information that they hold. This includes taking reasonable steps to ensure that personal information is held securely, and ensuring that customers are adequately notified about the collection and handling of their personal information.”
Overnight, Facebook stunned the world in admitting that that “most” of its two billion users may have had their personal data skimmed from the site by “malicious actors”, and those whose information was accessed by Cambridge Analytica appears much higher than previously thought.
Up to 87 million users may have seen their personal information accessed by Cambridge Analytica, Facebook’s Chief Technology Officer Mike Schroepfer said in a blog post.
The figure is nearly double the 50 million Facebook first estimated and treble Cambridge Analytica’s own figure of 30 million.
The estimate that 310,000 Australians were affected put the country in the top 10 of the ongoing scandal.
Facebook subsequently disabled the search function that permitted the data scraping. It allowed anyone to look up a user’s public Facebook profile information, which can include gender and birthdate, by searching on only their phone number or email address.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way,” Shroepfer said.
“We’re also making changes to account recovery to reduce the risk of scraping as well.”
Falk said the Facebook incident “a timely reminder” about the importance of privacy protection for everyone.
“Organisations should regularly and proactively assess their information-handling practices to ensure that they are both compliant with privacy laws and in keeping with community expectations,” she said.
Falk added that anyone with concerns about how their personal information has been collected or managed they can, in the first instance, contact Facebook directly and if unhappy with their response, contact the OAIC.