The villagers have pitchforks and torches in hand and everyone seems to be converging on Facebook--the scourge of all things private and personal. I am here to disband the angry mob by asking the question "how did Facebook get your data in the first place?" and telling people to look in the mirror before attacking Facebook.
I agree that Facebook is a little too brazenly cavalier in its attitude toward privacy. I am in no way suggesting that Facebook is completely innocent, or that it is some sort of paragon of information privacy practices. However, the opposite extreme is equally false.
Notable online personalities such as Leo Laporte, Cory Doctorow, and Matt Cutts, and Jason Rojas have deleted their Facebook accounts in protest--some in grand public gestures. What is lacking in all of the self-righteous indignation over Facebook privacy policies is the mea culpa factor.
The situation reminds me of the case where the woman spilled McDonald's coffee on her lap, then sued McDonald's because the coffee was hot and McDonald's didn't have the prescience of mind to notify her up front that pouring hot coffee on her lap might be bad. It's like shooting someone and blaming the bullet without stopping to consider who was responsible for pulling the trigger.
Even if there were no Facebook, a vast amount of personal information is already available on the Web just from publicly available documents and records. Just check BeenVerified.com or Whitepages.com to see how much the Internet already knows about you.
When it comes to any additional information that is out there, though, users need to take some responsibility for sharing that data. Privacy and social networking are at opposite ends of the spectrum and it's up to the individual user to exercise discretion in sharing information, and utilize the controls provided to place the fulcrum in the right spot to find a balance between the two that is comfortable.
Admittedly, much of the backlash isn't so much about Facebook having the information, or even in how that information is used or distributed. Many users are simply frustrated that the rules keep changing. Every time Facebook introduces a new feature, or unveils a new service or partnership, suddenly data is exposed in new ways that the user did not overtly consent to.
On that point, I refer back to my Open Letter to Facebook on Privacy. I believe that Facebook should be much more open about its development lifecycle, and allow for more public beta testing and forewarning before springing new features on half a billion members. I also feel that Facebook should disclose the details of any changes, and make new features and services opt-in rather than automatically moving the line in the sand for existing members.
However, my main point in the open letter still stands, and brings me back to the mea culpa focus of this article. Ultimately, the vast majority of users won't read the disclosures, and won't use the security controls provided to them. They will opt-in to take advantage of cool features and they will share information without regard for privacy.
IT administrators need to have clearly-defined policies in place regarding social networking using company computers or network resources. If social networking is allowed, even on a limited basis, user education is a key element of protecting data--informing users what to share and what not to share, and ensuring they are aware of the privacy and data security controls available.
McDonald's can't protect every clumsy customer that drives a car with a scalding hot cup of coffee between their legs, and Facebook can't be expected to be the guardian of every personal detail and sensitive fact shared willingly across its social network.