NEW YORK (AP) — An audit of Facebook’s privacy practices for the Federal Trade Commission found no problems even though the company knew at the time that a data-mining firm improperly obtained private data from millions of users.
The audit by PricewaterhouseCoopers is available on the FTC’s website, though it is heavily redacted. It covers February 12, 2015 to February 11, 2017. Facebook agreed to outside audits every two years as part of a 2011 settlement with the FTC over its privacy practices. It is not clear from the report, as posted online, whether the company informed PwC of the Cambridge Analytica issue.
Representatives for Facebook and PwC did not immediately respond to messages for comment early Friday.
The fact that PwC found no issues could raise questions about whether such audits are useful.
Did the Arthur Andersen approvals of Enron demonstrate whether those client-paid audits were useful?
Absence of evidence will always be a problem for auditors.
Financial auditors at least know that really money doesn’t just appear or disappear. There will be a trail, and numbers that don’t match up when they should will alert auditors to a potential problem that requires investigation.
I don’t know how you can have any confidence that an audit of “privacy practices” is going to tell you if data is ending up where it shouldn’t.