Are you accidentally uploading employee data to Facebook?
Following the Facebook Cambridge Analytica scandal, and with GDPR now just under 2 months away from becoming law, company data transfer and retention practices are coming under increasing scrutiny.
If you are a manager, director, or work in head office in a retail or hospitality organisation and have the Facebook app installed on a device which also contains colleagues’ personal data (names, phone numbers etc) here’s how you can do a quick ‘GDPR health check’ of the data Facebook holds on your employees, via your personal account:
1. Go to your Facebook Settings
Click this link to take you to the settings page, if you’re logged in to your account. One there, click on the link to download your archive, and follow the prompts:
2. Download the data file
Once you request it, Facebook will send two emails: The first acknowledges that a request was made, and the other gives you a link to get the file when it’s ready. The size of your file — and therefore the time it takes for Facebook to create it — will vary.
3. Check that Facebook has not blended your personal and corporate contact data
When you open the data file (you’ll likely need to ‘unzip’ a compressed folder first) you will see a selection of folders containing your different data types. Of particular relevance for employee GDPR data obligations is the “Contact_info.htm” file, accessible via the folder titled “Html”.
The contact info folder will contain a list of all the names and telephone numbers contained within your phone address book, if you have given the Facebook app access permission. Some users may even find that they’ve given permission for Facebook to monitor SMS and call logs.
The Facebook headlines will die down in time but the wider issue of how personal data is being used and stored will remain top of mind for some time as we enter a post-GDPR world. Getting into the habit of good data hygiene will help you ease into this transition.
If you want to remove work contact information already uploaded to Facebook (and prevent further such instances happening again in the future), the following resources should help:
(And if this is all too much hassle to manage going forward, you may wish to consider moving your workplace messaging to a dedicated platform such as Yapster. Yapster does not even try to collect contact data, ensuring our users never accidentally collect the data within their colleagues’ contact lists)