Published on October 9th, 2018
Yesterday, news broke that third-party developers were able to pull public and private information from Google+ profiles, due to a security bug. (Approximately 500,000 names, photos, and emails associated with Google+ profiles were affected.)
Google discovered this back in March -- more than seven months ago -- and patched the issue. Ultimately, they decided not to publish any information about the incident, as they feared it would attract increased regulatory scrutiny and harm the company's reputation.
The move backfired, however, and Google announced yesterday that Google+ would be shutting down over the next 10 months, once the breach and their intentional lack of public notification were discovered.
Many of us haven't thought about Google+ in quite some time -- even Google noted the platform had failed to achieve "broad consumer and developer adoption."
So, why does this news matter?
The demise of Google+ can teach us a lot about how other social networking sites and software platforms will respond in similar situations. Moreover, it may preview what's to come for businesses who handle subscriber and customer data.
The Google+ Security Breach & Its Ripple Effects
Despite the platform’s lack of traction, the ripple effects of this data breach and the resulting shut down of Google+ could have a significant impact on businesses and the way they use data.
For its part, Google has already responded to news of the breach by announcing Project Strobe, which details the company’s plans to enhance user security by limiting or preventing third-party developers from accessing Android data, call logs, and contact information.
As with any major data breach, other companies are watching closely and -- depending upon the public’s reaction -- may respond in a similar way by placing proactive, more stringent limits on third-party developers. (This is especially likely against the backdrop of the recent rollout of GDPR and the Facebook Cambridge Analytica scandal.)
What’s In Store for the Future?
While we cannot predict which -- if any -- organizations may go the route of restricting third-party developers, we need to keep another important implication in mind:
Consumers are becoming increasingly skeptical of the ability of online platforms (and the companies that run them) to protect the personal data many are so eager to collect.
In Europe, this issue is being addressed with GDPR; here in the United States, however, the federal government has been less willing to pass similar legislation.
This may change as consumers themselves force the issue by demanding stricter policies and laws governing data collection and sharing. It’s only natural for the general public to grow increasingly concerned, when security breaches like Google+ are becoming such a regular occurrence.
What Does It Mean For You?
There are three ways that the Google+ breach -- and its aftermath -- may impact businesses that use the internet to collect data on their users, customers or audience:
- For businesses that have not fully embraced permission-based marketing, reaching your prospects may get more difficult as a result of stricter data policies, such as GDPR, that require explicit consent or permission prior to making contact.
By contrast, if your business has embraced the core tenets of inbound marketing, and you've built a database comprised of users that have opted in, you should have little to worry about.
- The rules governing online privacy and data security will only get tighter, and its important for brands to take these regulations seriously -- both to protect themselves from liability and because they have a real responsibility to protect their users.
The most important currency we have as businesses is the trust of our customers. Lose that, and it won't matter how good your product or prices are.
- Users are already becoming increasingly more skeptical about providing their personal data on websites. If a user doesn’t trust a site, or isn't convinced of the value they'll get from providing their information, they may find what they need elsewhere. We’ve been hearing that for some time now, but in a heightened state of awareness, more and more users could change their habits.
Brands need to take steps to ensure their websites are secure and should think carefully about how much personal information they ask for.
We don't have a crystal ball to peer into the future, but the growing number of major security breaches at high profile companies like Google and Facebook will inevitably mean that stricter data policies are on their way.
What we can do in the meantime is ensure that the data we (as businesses) collect is secure, we’re informing users what we plan to do with their data, and we’re up to date on the latest policies regarding website security and online privacy.
Additionally, we should keep in mind that the public rarely forgives organizations who would rather cover-up a mistake or security issue than disclose it.