Yesterday, news broke that third-party developers were able to pull public and private information from Google+ profiles, due to a security bug. (Approximately 500,000 names, photos, and emails associated with Google+ profiles were affected.)
Google discovered this back in March -- more than seven months ago -- and patched the issue. Ultimately, they decided not to publish any information about the incident, as they feared it would attract increased regulatory scrutiny and harm the company's reputation.
The move backfired, however, and Google announced yesterday that Google+ would be shutting down over the next 10 months, once the breach and their intentional lack of public notification were discovered.
Many of us haven't thought about Google+ in quite some time -- even Google noted the platform had failed to achieve "broad consumer and developer adoption."
So, why does this news matter?
The demise of Google+ can teach us a lot about how other social networking sites and software platforms will respond in similar situations. Moreover, it may preview what's to come for businesses who handle subscriber and customer data.
The Google+ Security Breach & Its Ripple Effects
Despite the platform’s lack of traction, the ripple effects of this data breach and the resulting shut down of Google+ could have a significant impact on businesses and the way they use data.
For its part, Google has already responded to news of the breach by announcing Project Strobe, which details the company’s plans to enhance user security by limiting or preventing third-party developers from accessing Android data, call logs, and contact information.
As with any major data breach, other companies are watching closely and -- depending upon the public’s reaction -- may respond in a similar way by placing proactive, more stringent limits on third-party developers. (This is especially likely against the backdrop of the recent rollout of GDPR and the Facebook Cambridge Analytica scandal.)
While we cannot predict which -- if any -- organizations may go the route of restricting third-party developers, we need to keep another important implication in mind:
Consumers are becoming increasingly skeptical of the ability of online platforms (and the companies that run them) to protect the personal data many are so eager to collect.
In Europe, this issue is being addressed with GDPR; here in the United States, however, the federal government has been less willing to pass similar legislation.
This may change as consumers themselves force the issue by demanding stricter policies and laws governing data collection and sharing. It’s only natural for the general public to grow increasingly concerned, when security breaches like Google+ are becoming such a regular occurrence.
There are three ways that the Google+ breach -- and its aftermath -- may impact businesses that use the internet to collect data on their users, customers or audience:
We don't have a crystal ball to peer into the future, but the growing number of major security breaches at high profile companies like Google and Facebook will inevitably mean that stricter data policies are on their way.
What we can do in the meantime is ensure that the data we (as businesses) collect is secure, we’re informing users what we plan to do with their data, and we’re up to date on the latest policies regarding website security and online privacy.
Additionally, we should keep in mind that the public rarely forgives organizations who would rather cover-up a mistake or security issue than disclose it.