In this episode, Matt Kelly and I being an exploration of the Facebook/Cambridge Analytica imbroglio. Today we consider the plight of soon-to-be former Facebook Chief Information Security Officer Alex Stamos who was seemingly retaliated against for his actions to try and bring the data hacking of Facebook to the attention of senior management. Stamos, who reported to the General Counsel, wanted to have a direct reporting line to Facebook senior executives, such as chief operating officer Sheryl Sandberg or CEO Mark Zuckerberg. Not only was this request denied but Stamos has 144 of the 147 employees who work under him transferred out from under his department. Now he is leaving the company although no word on whether he is ‘resigning to pursue other opportunities’.

We consider the culture of the company, with a seeming propensity to circle the wagons and not admit there was anything untoward even through Facebook was long aware of the Russian hacking and data theft by Cambridge Analytica. We discuss the differences in the role of a corporate legal department (defend the company) and the corporate compliance department (prevent, detect and remediate). Matt floats a very unusual trial balloon, that legal should report to compliance.

For on this subject, see Matt Kelly’s blog post The Core Ethics Challenge in Facebook’s Flop